LDAP and Directory Service Enumeration 141
Enum4linux
One tool worth looking at is enum4linux, which allows for the extraction of information
through samba.
So first, what is samba? Per samba.org, the software is described as:
...software that can be run on a platform other than Microsoft Windows,
for example, UNIX, Linux, IBM System 390, OpenVMS, and other
operating systems. Samba uses the TCP/IP protocol that is installed on the
host server. When correctly configured, it allows that host to interact with
a Microsoft Windows client or server as if it is a Windows file and print
server.
Enum4linux allows for extraction of information where samba is in use. Information
that can be returned includes the following:
■ Group membership information
■ Share information
■ Workgroup or domain membership
■ Remote operating system identification
■ Password policy retrieval
LDAP and Directory Service Enumeration
The Lightweight Directory Access Protocol (LDAP) is used to interact with and organize
databases. LDAP is very widely used due to the fact that it is an open standard that is used
by a number of vendors in their own products—in many cases a directory service like
Microsoft’s Active Directory.
In this section you will explore LDAP mainly in the context of working with
a directory service such as Active Directory or OpenLDAP. However, in
practice the protocol is used by companies that warehouse large amounts
of data.A directory is a database, but the data is organized in a hierarchical or logical format.
Another way of looking at this design is to think of the organization of data much like the
files and folders on a hard drive. To make this data easier and more efficient to access, you
can use DNS alongside the service to speed up queries.