Last active
September 18, 2017 09:27
-
-
Save artem-smotrakov/e4d3bac16fa3404d89c9f09b830d8513 to your computer and use it in GitHub Desktop.
An example of an LDAP client which is vulnerable to blind LDAP injection attack. For more details see An example of LDAP injection in Java. For more details see https://blog.gypsyengineer.com/fun/security/ldap-injections.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import javax.naming.NamingEnumeration; | |
import javax.naming.directory.SearchControls; | |
import javax.naming.directory.SearchResult; | |
import javax.naming.ldap.InitialLdapContext; | |
import java.util.Hashtable; | |
public class LDAPInfo { | |
public static void main(String[] args) throws Exception { | |
if (args.length < 1) { | |
throw new RuntimeException("I need UID!"); | |
} | |
String uid = args[0]; | |
String query = String.format("(&(uid=%s)(objectClass=person))", uid); | |
System.out.println("LDAP query: " + query); | |
Hashtable<String, Object> env = new Hashtable<>(); | |
env.put("java.naming.provider.url", "ldap://localhost:8080/dc=example,dc=org"); | |
env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory"); | |
InitialLdapContext ctx = new InitialLdapContext(env, null); | |
SearchControls constraints = new SearchControls(); | |
constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); | |
constraints.setReturningAttributes(new String[] { "telephoneNumber" }); | |
NamingEnumeration<SearchResult> results = ctx.search("", query, constraints); | |
try { | |
if (!results.hasMore()) { | |
System.out.println("Nobody found!"); | |
} else { | |
Object phone = results.next().getAttributes().get("telephoneNumber"); | |
System.out.println("Phone: " + phone); | |
} | |
} finally { | |
results.close(); | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment