Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix kerberos and AES auth #25

Merged
merged 1 commit into from
Nov 28, 2023
Merged

Fix kerberos and AES auth #25

merged 1 commit into from
Nov 28, 2023

Conversation

lefayjey
Copy link
Contributor

Hello,

Please refer to: p0dalirius/sectools#5
The updated tool depends on the update of sectools.

Thanks!

@lefayjey
Copy link
Contributor Author

Before updates (ccache and AES)

python3 /opt/old/FindUncommonShares.py -d essos.local -u daenerys.targaryen --dc-ip 192.168.56.12 -k --no-pass
FindUncommonShares v3.0 - by @podalirius_

Traceback (most recent call last):
  File "/opt/old/FindUncommonShares.py", line 657, in <module>
    mdns.check_wildcard_dns()
  File "/opt/old/FindUncommonShares.py", line 115, in check_wildcard_dns
    ldap_server, ldap_session = init_ldap_session(
                                ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/sectools/windows/ldap.py", line 65, in init_ldap_session
    return __init_ldap_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/sectools/windows/ldap.py", line 33, in __init_ldap_connection
    ldap_session = ldap3.Connection(ldap_server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 389, in _do_auto_bind
    self.bind(read_server_info=True)
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 635, in bind
    raise LDAPUnknownAuthenticationMethodError(self.last_error)
ldap3.core.exceptions.LDAPUnknownAuthenticationMethodError: NTLM needs domain\username and a password

python3 /opt/old/FindUncommonShares.py -d essos.local -u daenerys.targaryen --aes-key cf091fbd07f729567ac448ba96c08b12fa67c1372f439ae093f67c6e2cf82378 --dc-ip 192.168.56.12 
FindUncommonShares v3.0 - by @podalirius_

Password:
Traceback (most recent call last):
  File "/opt/old/FindUncommonShares.py", line 657, in <module>
    mdns.check_wildcard_dns()
  File "/opt/old/FindUncommonShares.py", line 115, in check_wildcard_dns
    ldap_server, ldap_session = init_ldap_session(
                                ^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/sectools/windows/ldap.py", line 65, in init_ldap_session
    return __init_ldap_connection(
           ^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/sectools/windows/ldap.py", line 33, in __init_ldap_connection
    ldap_session = ldap3.Connection(ldap_server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 363, in __init__
    self._do_auto_bind()
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 389, in _do_auto_bind
    self.bind(read_server_info=True)
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 635, in bind
    raise LDAPUnknownAuthenticationMethodError(self.last_error)
ldap3.core.exceptions.LDAPUnknownAuthenticationMethodError: NTLM needs domain\username and a password

After updates

python3 /opt/new/FindUncommonShares.py -d essos.local -u daenerys.targaryen -k --dc-ip 192.168.56.12 --kdcHost MEEREEN --no-pass
FindUncommonShares v3.0 - by @podalirius_

[>] Extracting all computers ...
[+] Found 2 computers in the domain. 

[>] Enumerating shares ...
[>] Found 'all' on 'braavos.essos.local' (comment: 'Basic RW share for all') 
[>] Found 'CertEnroll' on 'braavos.essos.local' (comment: 'Active Directory Certificate Services share') 
[>] Found 'public' on 'braavos.essos.local' (comment: 'Basic Read share for all domain users') 
[+] Bye Bye!

python3 /opt/new/FindUncommonShares.py -d essos.local -u daenerys.targaryen --aes-key cf091fbd07f729567ac448ba96c08b12fa67c1372f439ae093f67c6e2cf82378 --dc-ip 192.168.56.12 --kdcHost MEEREEN
FindUncommonShares v3.0 - by @podalirius_

[>] Extracting all computers ...
[+] Found 2 computers in the domain. 

[>] Enumerating shares ...
[>] Found 'all' on 'braavos.essos.local' (comment: 'Basic RW share for all') 
[>] Found 'CertEnroll' on 'braavos.essos.local' (comment: 'Active Directory Certificate Services share') 
[>] Found 'public' on 'braavos.essos.local' (comment: 'Basic Read share for all domain users') 
[+] Bye Bye!

@p0dalirius p0dalirius merged commit a344b2e into p0dalirius:main Nov 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@lefayjey @p0dalirius