How I Hacked NASA LDAP Server

Greetings my hacker friends,

This my second write-up on how i was able to hack NASA’ s LDAP server and pull organization sensitive information like first name , last name , designation , employee details so let’s start without wasting time

Those who are not aware about what is LDAP let me give quick summary

LDAP stands for (Lightweight Directory Access Protocol) It is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network. LDAP is used to provide a central place to store usernames and passwords, and it allows applications to connect to this directory to validate user

So while searching on shodan i thought why don’t hack NASA and report it as hacking NASA is big achievement so i started looking into shodan

Dork i used (ssl:nasa.gov) and after searching all results i got IP address it has open port running 389basically LDAP service use two port 636 & 389 so to make sure 389 port is open i ran nmap to confirm open port connection and Yess i found open port with status Anonymous Bind Ok

The vulnerability i exploited here was LDAP anonymous null bind i used script code of python to exploit this vulnerability

import ldap3
server = ldap3.Server(‘X.X.X.X’, get_info = ldap3.ALL, port =389, use_ssl = False)
connection = ldap3.Connection(server)
connection.bind()

After hitting this code i got naming contexts as below

After getting results of naming contexts i decided to use last code

And finally i got some information of Organization Units , Employee Details , Employee Designation and much information and my reaction was like Yessss

Now i decided to stop here and don’t exploit it further as it is against privacy rule and policy break so i reported to NASA and within 3 days i got response from security team

And finally got letter of appreciation

Thanks for reading …