hunt-ldap

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The guide explicitly instructs char-by-char blind exfiltration of sensitive attributes (e.g., userPassword) and shows scripts that capture and echo recovered password/hash values, which requires the LLM/agent to handle and output secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive exploitation guide providing ready-to-run payloads and tooling to achieve LDAP/XPath auth-bypass, blind attribute/hash exfiltration, AD enumeration, credential theft, and OOB/SSRF confirmation, representing clear malicious intent and high immediate abuse potential.