K0LD
[Download
|Documentation
|Mail
]
Documentation
Disclaimer
This program comes as it is. Use it at your own risk. This is free software with ABSOLUTELY NO WARRANTY. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of FITNESS FOR A PARTICULAR PURPOSE. It is free software but not under the terms of GNU General Public License. Modification is not permitted. Use it as it is or let it be. Redistribution is not permitted. You can give it to others for free. Exceptions are comercials: You need to ask me! Donīt use it for comercial proposes without permissions explicit given to you. You can get such permissions only from the owner of the copyrights.
Introduction
K0LD uses the availability of anonymous binds to LDAP servers. It queries all users below a given distinguished name in the LDAP tree and tryes several passwords from a password list to bind as this user.
Because LDAP servers usually don't close connections on failed authentications, K0LD can perform an attack without the connect() and close() calls for each password - therefor preventing the 'cannot assign requested address' stuff.
How to use
./k0ld -w wordlist.txt -h ldap.host.com -b 'ou=company, c=US'
The options are:
- -w: Wordlist to try
WARNING: If your wordlist contains an empty line, K0LD will report this as a valid password, because NULL passwords are interpreted as anonymous logins !
- -h: Target host
- -f: LDAP search filter, default is (uid=*)
- -b: DN to start from
- -r: reConnect for each try, helps against intruder knockout but
is a heavy load for your host. Expect (at leat under Linux) the usual
'cannot assign requested address' message, when all connections are
in TIME_WAIT
- -T: just test the tree contents
- -v: verbose
- -I: just a little verbose
- -o: write passwords in output file given here