
Add LDAP Channel Binding to GetUserSPNs.py #1652

Status: Open. Wants to merge 3 commits into base: master

Conversation

deadjakk
Contributor

@deadjakk deadjakk commented Nov 22, 2023

I made this for myself and thought I'd throw it up here in case anyone else wanted it.
It should fix this issue by adding LDAP channel binding support via ly4k's ldap3 fork.

I will say the solution is a little less than elegant, given it uses ldap3 for all connection attempts except Kerberos, which still uses the old python-ldap and SPN processing logic.

It will automagically end up using LDAP channel binding by running through the bind failures, or you can force it with -ldap-channel-binding.

Tested working.

@anadrianmanrique anadrianmanrique added the labels "bug" (Unexpected problem or unintended behavior) and "in review" (This issue or pull request is being analyzed) on Nov 23, 2023
@wesgreentree

Working as of Feb 2024. Nice work @deadjakk, hopefully they merge it soon?

@FrankSpierings

I've installed this code in a venv including the ldap3, but using this code results in the following.

Impacket v0.12.0.dev1+20231121.174316.ffccf9b - Copyright 2023 Fortra

[*] Successfully authenticated
[-] Skipping item, cannot process due to error 'attributes'
[-] Skipping item, cannot process due to error 'attributes'
[-] Skipping item, cannot process due to error 'attributes'
[-] Skipping item, cannot process due to error list index out of range
No entries found!

Lab environment consists of a Windows 2016 DC. I'll attempt to debug the cause of the issue, but for now I believe it has something to do with ldap3 returning a different style of parameters than expected by GetUserSPNs.py.

@deadjakk
Contributor Author

deadjakk commented Mar 6, 2024

I've installed this code in a venv including the ldap3, but using this code results in the following.

Impacket v0.12.0.dev1+20231121.174316.ffccf9b - Copyright 2023 Fortra

[*] Successfully authenticated
[-] Skipping item, cannot process due to error 'attributes'
[-] Skipping item, cannot process due to error 'attributes'
[-] Skipping item, cannot process due to error 'attributes'
[-] Skipping item, cannot process due to error list index out of range
No entries found!

Lab environment consists of a Windows 2016 DC. I'll attempt to debug the cause of the issue, but for now I believe it has something to do with ldap3 returning a different style of parameters than expected by GetUserSPNs.py.

Apologies, I did not see this, I guess the notification from GitHub slipped by me.
It is hitting this error because of the searchResRef entries, which, as far as I know, are not useful to the process anyway.

I just pushed another commit that filters these out (and handles null group membership).
Screenshot below shows it working with the new commit, I'll keep a closer (read: manual) eye on this PR in case there are any more issues.

[Screenshot: GetUserSPNs.py output with the new commit applied]
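The filtering the follow-up commit describes, as an added example (not the PR's own code): it drops ldap3's searchResRef items before the SPN processing step and tolerates an empty memberOf, the two inputs behind the 'attributes' and "list index out of range" errors quoted above. The dict shape follows ldap3's Connection.response; the sample entries are constructed.

```python
from typing import Dict, Iterable, List

# Constructed sample shaped like ldap3's Connection.response after a search for
# accounts with a servicePrincipalName: two user entries plus a searchResRef
# (referral) item of the kind a DC returns for its other naming contexts.
SAMPLE_RESPONSE: List[Dict] = [
    {"type": "searchResEntry", "dn": "CN=svc_sql,CN=Users,DC=lab,DC=local",
     "attributes": {"sAMAccountName": "svc_sql",
                    "servicePrincipalName": ["MSSQLSvc/sql01.lab.local:1433"],
                    "memberOf": ["CN=SQL Admins,CN=Users,DC=lab,DC=local"],
                    "pwdLastSet": "2023-11-01 10:00:00+00:00"}},
    {"type": "searchResRef",  # referral: carries a 'uri', no 'attributes' key
     "uri": ["ldap://ForestDnsZones.lab.local/DC=ForestDnsZones,DC=lab,DC=local"]},
    {"type": "searchResEntry", "dn": "CN=svc_web,CN=Users,DC=lab,DC=local",
     "attributes": {"sAMAccountName": "svc_web",
                    "servicePrincipalName": "HTTP/web01.lab.local",  # scalar
                    "memberOf": [],  # null group membership
                    "pwdLastSet": "2022-03-09 08:30:00+00:00"}},
]

def _as_list(value) -> list:
    """ldap3 may hand back a scalar for a single-valued attribute; normalise."""
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def user_entries(response: Iterable[Dict]) -> Iterable[Dict]:
    """Yield only searchResEntry items. searchResRef items have no 'attributes'
    and would raise KeyError('attributes') if processed as user objects."""
    for item in response:
        if item.get("type") == "searchResEntry" and "attributes" in item:
            yield item

def spn_rows(response: Iterable[Dict]) -> List[Dict[str, str]]:
    """One row per SPN; MemberOf shows the first group, or N/A for an account
    in no groups (rather than indexing an empty list and hitting IndexError)."""
    rows: List[Dict[str, str]] = []
    for entry in user_entries(response):
        attrs = entry["attributes"]
        groups = _as_list(attrs.get("memberOf"))
        for spn in _as_list(attrs.get("servicePrincipalName")):
            rows.append({
                "ServicePrincipalName": spn,
                "Name": attrs.get("sAMAccountName", ""),
                "MemberOf": groups[0] if groups else "N/A",
                "PasswordLastSet": str(attrs.get("pwdLastSet", "<never>")),
            })
    return rows
```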

@anadrianmanrique anadrianmanrique self-assigned this Apr 11, 2024
@anadrianmanrique anadrianmanrique added the label "medium" (Medium priority item) and removed "in review" (This issue or pull request is being analyzed) on Apr 16, 2024
@anadrianmanrique
Contributor

Setting this PR on hold, as we are not linking, either through requirements or code, against a dev version of our dependencies. Let's hope the new ldap3 version gets released soon. Thanks

@anadrianmanrique anadrianmanrique added the label "on hold" (Awaiting an action or decision to move forward) on Apr 24, 2024