Support channel binding in rbcd.py
Use cannatag/ldap3#1087 to add LDAP Channel Binding support to the RBCD example script.
dadevel committed Nov 28, 2023
1 parent 4b56c18 commit 33282b4
Showing 1 changed file with 10 additions and 2 deletions.
12 changes: 10 additions & 2 deletions examples/rbcd.py
Expand Up @@ -413,6 +413,7 @@ def parse_args():
help='Action to operate on msDS-AllowedToActOnBehalfOfOtherIdentity')

parser.add_argument('-use-ldaps', action='store_true', help='Use LDAPS instead of LDAP')
parser.add_argument('-use-channel-binding', action='store_true', help='Enable LDAPS Channel Binding during NTLM authentication')

parser.add_argument('-ts', action='store_true', help='Adds timestamp to every logging output')
parser.add_argument('-debug', action='store_true', help='Turn DEBUG output ON')
Expand Down Expand Up @@ -489,14 +490,21 @@ def init_ldap_connection(target, tls_version, args, domain, username, password,
port = 389
tls = None
ldap_server = ldap3.Server(target, get_info=ldap3.ALL, port=port, use_ssl=use_ssl, tls=tls)
if use_ssl and args.use_channel_binding:
try:
channel_binding = dict(channel_binding=ldap3.TLS_CHANNEL_BINDING)
except AttributeError as e:
raise RuntimeError('To use LDAP channel binding, install the patched ldap3 module: pip3 install git+https://github.com/ly4k/ldap3') from e
else:
channel_binding = dict()
if args.k:
ldap_session = ldap3.Connection(ldap_server)
ldap_session.bind()
ldap3_kerberos_login(ldap_session, target, username, password, domain, lmhash, nthash, args.aesKey, kdcHost=args.dc_ip)
elif args.hashes is not None:
ldap_session = ldap3.Connection(ldap_server, user=user, password=lmhash + ":" + nthash, authentication=ldap3.NTLM, auto_bind=True)
ldap_session = ldap3.Connection(ldap_server, user=user, password=lmhash + ":" + nthash, authentication=ldap3.NTLM, auto_bind=True, **channel_binding)
else:
ldap_session = ldap3.Connection(ldap_server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True)
ldap_session = ldap3.Connection(ldap_server, user=user, password=password, authentication=ldap3.NTLM, auto_bind=True, **channel_binding)

return ldap_server, ldap_session

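Review bot: The RuntimeError message added in init_ldap_connection tells users to run `pip3 install git+https://github.com/ly4k/ldap3`, which installs whatever the default branch of a personal fork holds at that moment, while the commit description points at the upstream PR cannatag/ldap3#1087. Pinning the hint to a reviewed revision, e.g. `pip3 install git+https://github.com/ly4k/ldap3@<commit-sha>` (placeholder, not a real revision), keeps the install reproducible and auditable. Separately, `if use_ssl and args.use_channel_binding:` silently drops the flag when `-use-ldaps` is not given, and the `args.k` branch never receives `**channel_binding`. An `elif args.use_channel_binding:` branch that logs a warning that the flag has no effect without `-use-ldaps` would make this visible to the operator. The function starts above the hunk, so how `use_ssl` is derived is not shown here.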
