Home > Operation and Maintenance > Safety > How to configure the environment for bee-box LDAP injection

How to configure the environment for bee-box LDAP injection

WBOY
Release: 2023-05-12 20:37:04
forward
951 people have browsed it

1. Overview

According to my learning process, I must know what the model and vulnerability principles of my web attack are. Now I have encountered an unpopular situation. I saw it for the first time. When I came to LDAP, I discovered an unpopular one (authorized) during a penetration test of a state-owned enterprise, which aroused my interest in it.

The concept of LDAP:

Full name: Lightweight Directory AccessProtocolt, Features: I won’t talk about the protocol, it’s too esoteric, it can be understood as a The database that stores data is special in that it is a tree-like database. First of all, the name of this database is equivalent to the root of the tree (i.e. DB = dc), and then all the nodes passing through from the root of the tree to a certain leaf node are called Branches (ou) and finally reaches the leaf node (uid) you are looking for. As shown in the figure below:

如何进行bee-box LDAP注入的环境配置

To be more specific, name each node and go through the diagram again, dc= root, fork 1 ou = database, fork 2 ou= mysql, leaf node uid = user.

如何进行bee-box LDAP注入的环境配置

Then describe it in language: dn:cn =user,ou = database,ou = mysql,dc = root

dn identifies a record and describes it A detailed path of data is obtained, which is called "base DN". Through this record, a leaf node can be found conveniently and quickly. From the figure, LDAP can clearly divide the node area, that is, what is the parent node of the node, what are the child nodes, and extended to practical applications, what is the superior department of the department, and who are the employees of the department? , if used internally by the enterprise, it can clearly describe where each employee belongs.

Let’s first look at a case of server segment configuration:

Assume that the name of a company is bwapp, and the CEO who manages this company is called admin.

Now the CEO wants to add a new department to the company, called the security department (anquanbu). Under the security department is the security department (anfu). The security department is divided into penetration testing (sentou) and emergency response. (yingji) two teams, then Xiaoliang (xiaoliang) is in the infiltration team, and Xiaoming (xiaoming) is in the emergency team.

The configured directory structure is as shown below

如何进行bee-box LDAP注入的环境配置

2. LDAP configuration based on Bee-Box (Linux)

First find A relatively easy to configure LDAP architecture, OpenLDAP phpLDAPadmin is recommended here.

The steps are as follows:

First enter the following two installation commands:

sudo apt-getupdate

sudo apt-getinstall slapd ldap-utils

During the installation process, you will be asked to select and confirm the LDAP administrator password

sudodpkg-reconfigure slapd

This command needs to configure some ldap things. The following is a comparison between Chinese and English And screenshot

1. OpenLDAP server configuration is omitted? No

如何进行bee-box LDAP注入的环境配置

2. DNS domain name?

This option will determine the basic structure of the directory path. Read the message to find out how this will be achieved. Even if you don't own the actual domain, you can choose any value you want. However, this tutorial assumes you have the appropriate server domain name, so you should use that. Here for the bwapp shooting range, set it to bwapp.local

如何进行bee-box LDAP注入的环境配置

3. Organization name?

We use bwapp

如何进行bee-box LDAP注入的环境配置

4. Administrator password? Enter the security password twice

5. Database backend? HDB

如何进行bee-box LDAP注入的环境配置

#5. Delete the database when clearing slapd? No

如何进行bee-box LDAP注入的环境配置

#6. Move the old database? Yes

如何进行bee-box LDAP注入的环境配置

#7. Allow LDAPv2 protocol? No

如何进行bee-box LDAP注入的环境配置

At this point the initial configuration is complete, open the LDAP port on the firewall so that external clients can connect:

sudo ufw allow ldap

如何进行bee-box LDAP注入的环境配置

Test whether the LDAP connection to ldapwhoami is successful, the connection should return the username we connected to:

ldapwhoami -H ldap:// -x

如何进行bee-box LDAP注入的环境配置

Access the phpLDAPadmin of the virtual machine from the host

https://virtual machine IP /phpldapadmin/

Enter the password to log in.

如何进行bee-box LDAP注入的环境配置

Login successful

如何进行bee-box LDAP注入的环境配置

Then the configuration on the server is as follows

The following configuration They are all translated into Chinese using the Google Translate plug-in.

First create the security department:

如何进行bee-box LDAP注入的环境配置

Select the organizational unit

如何进行bee-box LDAP注入的环境配置

Create the object

如何进行bee-box LDAP注入的环境配置

Then create the sub-department of the security department, security (anfu)

如何进行bee-box LDAP注入的环境配置

Create the sub-department Entry

The steps are the same as above

Created successfully

如何进行bee-box LDAP注入的环境配置

Then create penetration (shentou) and emergency (yingji) under the security server

The steps are the same as above

如何进行bee-box LDAP注入的环境配置

Create employees Li Xiaoliang (xiaoliang) and Wang Xiaoming (xiaoming) for penetration (shentou) and emergency (yingji) respectively

The steps to create personnel are as follows. The above are the steps to create organizational departments.

First create the user account xiaoliang under the penetration group

phpMyAdmin. To create a user, you need to create a user group first. If there is no There is no way to create users in this user group. The process of creating a user group is as follows:

Create sub-entry

如何进行bee-box LDAP注入的环境配置

Create user group

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

Then create a user under the user group

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

##The creation is successful, but it is very annoying to need to enter the user's last name. Then you need to rename the user after creating the user.

The renaming steps are as follows

Click the username on the left and click rename on the right

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

Modification successful

如何进行bee-box LDAP注入的环境配置

3. Test whether it can communicate with bwapp

Open the ldap injection option of bwapp and enter content similar to the following picture:

如何进行bee-box LDAP注入的环境配置

If the connection is successful, the following interface will be returned

如何进行bee-box LDAP注入的环境配置

Note: If an ldap account is created, the login format must be certain It is like this:

如何进行bee-box LDAP注入的环境配置

cn=xiaoliang,cn=user,ou=shentou,ou=anfu,ou=anquanbu,dc=bwapp,dc=local

Then log in

如何进行bee-box LDAP注入的环境配置

如何进行bee-box LDAP注入的环境配置

The above is the detailed content of How to configure the environment for bee-box LDAP injection. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template