The Lightweight Directory Access Protocol $($LDAP$)$ is used major operating systems to manage $$objects$,$ including users. Because it often controls what users can and can not access, it is a popular target for injection attacks. To get a sense of what kind of data is in LDAP, and what you could do if you were able to abuse it$,$ let's look at the school's public LDAP database.

Using Isengard, first authenticate to the ADIT $($a$.$k$.$a$.$ Windows$)$ backend with:

$$>$ kinit

Once you have authenticated, you can use the following command to to search the domain $$adit$.$mines.edu$$ for Organizational Unit $$Users:CSM Users$($an organizational unit is kind of like a group$)$ for the user with the Common Name $$promig$3$

$$>$ ldapsearch $-$R adit.mines.edu $-$LLL $-$h thunderbolt.adit.mines.edu $-$b $"$OU$=$Users,OU$=$CSM Users,DC$=$adit,DC$=$mines,DC$=$edu" $"$CN$=$promig$3"$

Look through the results $-$ you can see a great deal of information! For example, what year was my account created $($provide the $4$ digit year. i$.$e$.,\text{'}1964\text{'}$ or $\text{'}2011\text{'})[$year$]?$

Think about how might a malicious individual use this information?