vuLnDAP is a deliberately vulnerable web application to demonstrate exploiting business logic flaws in a site based on LDAP.
For more information see the project homepage.
If you get stuck and need help, I’ve written a walkthrough.
If you want to have a play, but do not want to install it yourself, you can use my copy. Please do not abuse this, the vulnerabilities are in the application, do not expect to get anywhere with port scans or by running Nessus against it.
go get github.com/digininja/vuLnDAP
Change into the vuLnDAP directory which will probably be ~/go/src/github.com/digininja/vuLnDAP then run the following command to install the dependencies:
go get -d ./…
You can then build the app with:
And if all goes well you’ll get a vuLnDAP binary which you can run with:
The web server starts up listening on port 9090 on all interfaces, this can be changed by updating the values in the web server section of vulndap.cfg.
Copyright (C) 2018 Robin