ldap-injection
OfficialExploit LDAP injection vulnerabilities.
Software Engineering#data extraction#injection#penetration testing#ldap#authentication bypass#active directory
Authorblacklanternsecurity
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps penetration testers identify and exploit LDAP injection vulnerabilities to bypass authentication, extract sensitive directory data, and enumerate users.
Core Features & Use Cases
- Authentication Bypass: Gain unauthorized access to systems by manipulating LDAP filters.
- Data Exfiltration: Extract user credentials, group memberships, and other sensitive attributes from LDAP directories.
- User Enumeration: Discover valid usernames and associated information.
- Use Case: A penetration tester suspects an LDAP injection vulnerability in a web application's login form. They use this Skill to craft payloads that bypass the authentication mechanism and retrieve a list of all users and their associated roles.
Quick Start
Use the ldap-injection skill to attempt an authentication bypass against the target URL http://example.com/login using the username field.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: ldap-injection Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#ldap-injection Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.