Support channel binding in rbcd.py
Use github.com/cannatag/ldap3#1087 to add LDAP Channel Binding support to the RBCD example script.
dadevel committed Nov 28, 2023
1 parent 4b56c18 commit 7c317df
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions examples/rbcd.py
@@ -413,6 +413,7 @@ def parse_args():
help='Action to operate on msDS-AllowedToActOnBehalfOfOtherIdentity')

parser.add_argument('-use-ldaps', action='store_true', help='Use LDAPS instead of LDAP')
parser.add_argument('-use-channel-binding', action='store_true', help='Enable LDAPS Channel Binding during NTLM authenticationLDAPS ')

parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
@@ -489,14 +490,16 @@ def init_ldap_connection(target, tls_version, args, domain, username, password,
port = 389
tls = None
ldap_server = ldap3.Server(target, get_info=ldap3.ALL, port=port, use_ssl=use_ssl, tls=tls)
if use_ssl and args.use_channel_binding and not hasattr(ldap3, 'TLS_CHANNEL_BINDING'):
raise Exception('To use LDAP channel binding, install the patched ldap3 module: pip3 install git+https://github.com/ly4k/ldap3')
if args.k:
ldap_session = ldap3.Connection(ldap_server)
ldap_session.bind()
ldap3_kerberos_login(ldap_session, target, username, password, domain, lmhash, nthash, args.aesKey, kdcHost=args.dc_ip)
elif args.hashes is not None:
ldap_session = ldap3.Connection(ldap_server, user=user, password=lmhash + ":" + nthash, authentication=ldap3.NTLM, auto_bind=True)
ldap_session = ldap3.Connection(ldap_server, user=user, password=lmhash + ":" + nthash, authentication=ldap3.NTLM, auto_bind=True, channel_binding=ldap3.TLS_CHANNEL_BINDING if use_ssl and args.use_channel_binding else None)
else:
ldap_session = ldap3.Connection(ldap_server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True)
ldap_session = ldap3.Connection(ldap_server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True, channel_binding=ldap3.TLS_CHANNEL_BINDING if use_ssl and args.use_channel_binding else None)

return ldap_server, ldap_session
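Review bot: Both NTLM `ldap3.Connection(...)` calls in init_ldap_connection now pass `channel_binding=` unconditionally, so the keyword reaches the constructor (with value None) even when `-use-channel-binding` is not given; on an ldap3 build that lacks the parameter, which is the case the `hasattr(ldap3, 'TLS_CHANNEL_BINDING')` guard anticipates, that would presumably raise TypeError for every NTLM bind. Passing the keyword only when binding is requested keeps the default path working on stock ldap3, as sketched below. The flag is also dropped without any message when `-use-ldaps` is absent or when `-k` selects the Kerberos branch, so an operator can believe the bind was channel-bound when it was not; an explicit error or warning for those combinations would make that visible. The install hint points at an unpinned `git+https://github.com/ly4k/ldap3` while the description cites cannatag/ldap3#1087, so pinning the hint to a reviewed commit would avoid pulling whatever the fork's default branch currently holds. init_ldap_connection starts above this hunk.

```python
    # … unchanged: ldap3.Server construction and the TLS_CHANNEL_BINDING availability check …
    bind_kwargs = {}
    if use_ssl and args.use_channel_binding:
        bind_kwargs['channel_binding'] = ldap3.TLS_CHANNEL_BINDING
    # … unchanged: Kerberos branch (if args.k) …
    elif args.hashes is not None:
        ldap_session = ldap3.Connection(ldap_server, user=user, password=lmhash + ":" + nthash, authentication=ldap3.NTLM, auto_bind=True, **bind_kwargs)
    else:
        ldap_session = ldap3.Connection(ldap_server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True, **bind_kwargs)
```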
