As we mentioned before on an old post, Ribadeo Hack Lab was invited to contribute with and article/paper for the new Hack In The Box magazine.
The article was about "LDAP Injection, attack and defense techniques".
You can get the ezine at: https://www.hackinthebox.org/misc/HITB-Ezine-Issue-001.pdf
You can get the original article (without ezine format) here
In order to write it, we used a lot of material, but not all of it was mentioned in the article.
Here you can find the whole reference used, with which you can gain full knowledge about LDAP in all aspects.
If you need to do some SQL Server 2005 or 2008 audit activities on DDL and DML operations this tool may help you.
Download: Effective Permissions Tool
In order to use the tool you need sysadmin privileges and xp_cmdshell enabled on the database server.
Before running it, create the following stored procedures on master db:
If you are interested on some more details you can see our slides (only spanish, sorry...)
This is a presentation Hernan S. Abbamonte did some time ago.
It contains a summary of some common web app attacks.
The document and slides are in spanish only.
Playing around with Process Hacker (a really nice tool), we found that SQL Server Management Studio 2008 stores connection strings in plain text in memory.
Using the Process Hacker memory search utility we can get that information.
To do this you must have enough privileges to read other process memory, but let's assume you have that.
In order to see the password you can follow this steps:
Some time ago, we decided to make a list of all "MUST HAVE" tools for a reversing environment.
Here is what came out.
We know there are many tools out there we haven't heard of, so feel free to suggest any other that it is not here.
This list is for Windows OS only.
Reversing Tools
