[Errno 110] Connection timed out with every parameter i supply

[Jugulaire]

Hey,

First time using this tool and I got this error every time I try to dump the LDAP of my domain :

┌──(kali㉿kali)-[~]
└─$ bloodhound-python --zip -c All -d north.sevenkingdoms.local -u brandon.stark -p iseedeadpeople -dc winterfell.north.sevenkingdoms.local -ns 192.168.56.10
INFO: Found AD domain: north.sevenkingdoms.local
WARNING: Could not find a global catalog server, assuming the primary DC has this role
If this gives errors, either specify a hostname with -gc or disable gc resolution with --disable-autogc
INFO: Connecting to LDAP server: winterfell.north.sevenkingdoms.local
Traceback (most recent call last):
  File "/home/kali/.local/bin/bloodhound-python", line 8, in <module>
    sys.exit(main())
  File "/home/kali/.local/lib/python3.10/site-packages/bloodhound/__init__.py", line 310, in main
    bloodhound.run(collect=collect,
  File "/home/kali/.local/lib/python3.10/site-packages/bloodhound/__init__.py", line 79, in run
    self.pdc.prefetch_info('objectprops' in collect, 'acl' in collect, cache_computers=do_computer_enum)
  File "/home/kali/.local/lib/python3.10/site-packages/bloodhound/ad/domain.py", line 468, in prefetch_info
    self.get_objecttype()
  File "/home/kali/.local/lib/python3.10/site-packages/bloodhound/ad/domain.py", line 238, in get_objecttype
    self.ldap_connect()
  File "/home/kali/.local/lib/python3.10/site-packages/bloodhound/ad/domain.py", line 70, in ldap_connect
    ldap = self.ad.auth.getLDAPConnection(hostname=ip,
  File "/home/kali/.local/lib/python3.10/site-packages/bloodhound/ad/authentication.py", line 78, in getLDAPConnection
    if not conn.bind():
  File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 589, in bind
    self.open(read_server_info=False)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/sync.py", line 57, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 146, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket connection error while opening: [Errno 110] Connection timed out

I have tested the parameter before with a ldapsearch query and everything looks okay..
Any idea ?

[KenjiEndo15]

You may look into PR#73.
I ran into the same issue with GOAD, and I fixed it by overriding a parameter in the code.

In the file BloodHound.py/bloodhound/ad/domain.py, at ligne 69 you should write: ip = '<target_dc_ip>':

        for r in q:
            ip = r.address
        
        # Override with the target host (line 69)
        ip = '192.168.56.10'
        ldap = self.ad.auth.getLDAPConnection(hostname=ip,
                                              baseDN=self.ad.baseDN, protocol=protocol)

Quick explanation:

• If you try to use a dns resolver with your targeted DC, you'll notice that there are 2 IP. The first one is not reachable from your host, the second is (as you are using GOAD, I assume the IP looks like 192.168.56.1x). The bloodhound.py script will get stuck on the not reachable IP, and get stuck until time out.

By the way, you may want to modify your /etc/resolv.conf file as well (also /etc/hosts) to ensure everything will work fine with the domain and nameserver resolution.

It worked once. However after some modifications on the lab, it happened that I ran into a second issue which may or may not be related, I need to look further into this:
TypeError: unsupported operand type(s) for -: 'bytes' and 'datetime.datetime'

Edit: another fix that solves the timeout issue for me is to disable the Register this connection's addresses in DNS on the DC (for the Ethernet using NAT, not your private one).

For the explanation from Microsoft: Steps to avoid registering unwanted NICs in DNS on a multihomed domain controller.

I still have occasionnaly the same error with the unsupported operant type(s)...