K0LD
Documentation
Disclaimer
The license for all Phenoelit tools can be found here.
Introduction
K0LD relies on LDAP servers that allow anonymous binds. It queries all users below a given distinguished name in the LDAP tree and tries several passwords from a password list to bind as each user.
Because LDAP servers usually don't close connections on failed authentications, K0LD can perform an attack without the connect() and close() calls for each password, thereby avoiding the 'cannot assign requested address' error.
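Because the guessing described above reuses a single connection, the server-side trace is a run of failed simple binds under one connection id. The following is an added detection example, not part of K0LD or the original documentation; it assumes OpenLDAP slapd stats-level log lines, and the sample log, the threshold and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenLDAP slapd "stats" log format (not from the page).
SAMPLE_LOG = """\
conn=1001 fd=12 ACCEPT from IP=192.0.2.10:40022 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1001 op=1 SRCH base="ou=company,c=US" scope=2 deref=0 filter="(uid=*)"
conn=1001 op=2 BIND dn="uid=alice,ou=company,c=US" method=128
conn=1001 op=2 RESULT tag=97 err=49 text=
conn=1001 op=3 BIND dn="uid=alice,ou=company,c=US" method=128
conn=1001 op=3 RESULT tag=97 err=49 text=
conn=1001 op=4 BIND dn="uid=bob,ou=company,c=US" method=128
conn=1001 op=4 RESULT tag=97 err=49 text=
conn=1002 fd=13 ACCEPT from IP=192.0.2.20:51000 (IP=0.0.0.0:389)
conn=1002 op=0 BIND dn="uid=carol,ou=company,c=US" method=128
conn=1002 op=0 RESULT tag=97 err=49 text=
conn=1002 op=1 BIND dn="uid=carol,ou=company,c=US" method=128
conn=1002 op=1 RESULT tag=97 err=0 text=
"""

ACCEPT = re.compile(r'conn=(\d+) fd=\d+ ACCEPT from IP=(\S+):\d+')
BIND = re.compile(r'conn=(\d+) op=(\d+) BIND dn="([^"]*)" method=128')  # 128 = simple bind
RESULT = re.compile(r'conn=(\d+) op=(\d+) RESULT tag=97 err=(\d+)')    # 97 = BindResponse

def failed_binds_per_connection(log_text, threshold=3):
    """Return connections with at least `threshold` failed simple binds
    (err=49, invalidCredentials), with source address and the DNs tried."""
    source, pending = {}, {}
    stats = defaultdict(lambda: {"failures": 0, "dns": set()})
    for line in log_text.splitlines():
        if m := ACCEPT.search(line):
            source[m.group(1)] = m.group(2)
        elif m := BIND.search(line):
            pending[(m.group(1), m.group(2))] = m.group(3)  # key: (conn, op)
        elif m := RESULT.search(line):
            dn = pending.pop((m.group(1), m.group(2)), None)
            if dn is not None and m.group(3) == "49":
                stats[m.group(1)]["failures"] += 1
                stats[m.group(1)]["dns"].add(dn)
    return {
        conn: {"source": source.get(conn, "unknown"),
               "failures": s["failures"], "dns": sorted(s["dns"])}
        for conn, s in stats.items() if s["failures"] >= threshold
    }
```

A single mistyped password followed by a success (conn=1002 in the sample) stays below the default threshold, while repeated failures across several DNs on one connection are reported.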
How to use
./k0ld -w wordlist.txt -h ldap.host.com -b 'ou=company, c=US'
The options are:
- -w: Wordlist to try
WARNING: If your wordlist contains an empty line, K0LD will report this as a valid password, because NULL passwords are interpreted as anonymous logins!
- -h: Target host
- -f: LDAP search filter, default is (uid=*)
- -b: DN to start from
- -r: reConnect for each try; helps against intruder knockout but is a heavy load for your host. Expect (at least under Linux) the usual 'cannot assign requested address' message when all connections are in TIME_WAIT
- -T: just test the tree contents
- -v: verbose
- -I: just a little verbose
- -o: write passwords in output file given here
Windows 2000 features:
- -D: bind as this user for the enumeration instead of anonymous
- -W: use this password for the -D user
- -F: use these DNs to attack - don't enumerate. The list is in a LF separated file.