Scripted LDAP Probe w/username and password

robert.mcclain
Level 1

I have a scripted LDAP probe currently in use. It uses the anonymous bind authentication to work and it works just fine. However, they want to go to a username and password instead for security reasons. So I used the script that was previously supplied on this forum to create the HEX. See below:

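# Bind DN and password for the LDAP simple bind
$username = "uid=XXXXXX,cn=support,dc=enterprise,dc=com";
$password = "XXXXX";

# One-byte BER lengths (only valid while each length is below 128)
$len_username = length($username);
$xlen_username = sprintf("%02x", $len_username);
$len_password = length($password);
$xlen_password = sprintf("%02x", $len_password);

# Hex-encode every character as two digits (/s so "." also matches a newline)
$username =~ s/(.)/sprintf("%02x",ord($1))/egs;
$password =~ s/(.)/sprintf("%02x",ord($1))/egs;

# BindRequest body: version 3, DN (tag 04), simple password (tag 80)
$temp = "020103" . "04" . $xlen_username . $username . "80" . $xlen_password . $password;
$tlen = length($temp) / 2;
$xtlen = sprintf("%02x",$tlen);

# messageID 1 followed by the BindRequest (tag 60)
$temp = "020101" . "60" . $xtlen . $temp;
$tlen = length($temp) / 2;
$xtlen = sprintf("%02x",$tlen);

# Outer LDAPMessage SEQUENCE (tag 30)
$temp = "30" . $xtlen . $temp;

print $temp . "\n";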

I get this result in HEX (last 6 characters are changed):

303e0201016039020103042b7569643d214c4242494e442c636e3d737570706f72742c64633d656e74657270726973652c64633d636f6d800742316e64XXXXXX

I added them to the Probe script here:

ace_debug "sending ldap bind request"

puts -nonewline $sock [ binary format "H*" NEW HEX STRING  ]

flush $sock

However, this doesn't work. Am I putting this new HEX string in the proper place, or does everything look right?


chrhiggi
Level 3

Robert-

The string length maximum is 127 characters; you ended up with 128 somehow. The string you send is specific to a few things, like the server type, how the array is created, etc. You should check out this thread: https://supportforums.cisco.com/message/3613048#3613048 It has some decent information on it.

 

Chris
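
An added example, not part of either post above and not Cisco's code: a Python sketch that builds the same LDAPv3 simple BindRequest hex string with proper BER lengths (the posted Perl writes every length as one byte, which is valid BER only up to 127) and decodes a hex string to check that its length fields are consistent before it is pasted into a probe. The function names and the sample DN and password are constructed for illustration.

```python
def ber_len(n: int) -> bytes:
    """BER definite length: short form up to 127, long form (0x80 | count) above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value

def bind_request_hex(dn: str, password: str, message_id: int = 1) -> str:
    """SEQUENCE { messageID, [APPLICATION 0] { version 3, DN, [0] simple password } }"""
    if not 0 < message_id < 0x80:
        raise ValueError("this example only encodes a one-byte messageID")
    bind = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    msg = tlv(0x02, bytes([message_id])) + tlv(0x60, bind)
    return tlv(0x30, msg).hex()

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos); ValueError if a length overruns the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length octets
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError(f"tag 0x{tag:02x}: length {length} overruns the data")
    return tag, buf[pos:pos + length], pos + length

def check_bind_request(hex_string: str) -> dict:
    """Decode a BindRequest hex string; reports the password length, never its value."""
    buf = bytes.fromhex(hex_string)
    tag, msg, end = read_tlv(buf, 0)
    if tag != 0x30 or end != len(buf):
        raise ValueError("outer SEQUENCE does not span the whole string")
    _, msg_id, pos = read_tlv(msg, 0)
    op_tag, bind, _ = read_tlv(msg, pos)
    _, version, pos = read_tlv(bind, 0)
    _, dn, pos = read_tlv(bind, pos)
    auth_tag, secret, _ = read_tlv(bind, pos)
    if op_tag != 0x60 or auth_tag != 0x80:
        raise ValueError("not a simple BindRequest")
    return {"message_id": msg_id[0], "version": version[0], "dn": dn.decode(),
            "password_len": len(secret), "total_bytes": len(buf)}

if __name__ == "__main__":
    # Constructed sample credentials, not taken from the thread
    print(check_bind_request(bind_request_hex("uid=probe,dc=example,dc=com", "constructed-pw")))
```
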