142 Chapter 6 ■ Enumeration of Services
Directory services that make use of LDAP include:
■ Active Directory
■ Novell eDirectory
■ OpenLDAP
■ Open Directory
■ Oracle iPlanetIn many cases the queries performed through LDAP against a database
tend to disclose sensitive data that could be leveraged by an attacker.
Many directory services offer ways to protect these queries through
encryption or other mechanisms, which are either enabled by default or
must be enabled by the administrator.Tools that allow for the enumeration of LDAP-enabled systems and services include the
following:
■ JXplorer
■ LDAP Admin Tool
■ LDAP Account Manager
■ LEX (The LDAP Explorer)
■ Active Directory Explorer
■ LDAP Administration Tool
■ LDAP Search
■ Active Directory Domain Services Management Pack
■ LDAP Browser/EditorEnumeration Using NTP
Another effective way to gather information about a network and the resources on it is
through use of the Network Time Protocol (NTP). Before you look at how to exploit this
protocol for information-gathering purposes, you need to understand what the protocol
does and what purpose it serves.
NTP is a protocol used to synchronize the clocks across the hosts on a network. The
importance of the protocol is extremely high considering that directory services rely on
clock settings for logon purposes.NTP uses UDP port 123 for communication purposes.