From 4f10c0b45ab4623cee96d0c73ed3ef84b7cb5789 Mon Sep 17 00:00:00 2001 From: Alexander Neff Date: Mon, 25 Nov 2024 15:49:42 -0500 Subject: [PATCH] Update impacket so ldaps channel binding is supported --- nxc/protocols/ldap.py | 6 ------ poetry.lock | 10 +++++----- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py index 8e2905881..acc058460 100644 --- a/nxc/protocols/ldap.py +++ b/nxc/protocols/ldap.py @@ -495,15 +495,12 @@ def plaintext_login(self, domain, username, password): f"{self.domain}\\{self.username}:{process_secret(self.password)} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}", color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red", ) - self.logger.fail("LDAPS channel binding might be enabled, this is only supported with kerberos authentication. Try using '-k'.") else: error_code = str(e).split()[-2][:-1] self.logger.fail( f"{self.domain}\\{self.username}:{process_secret(self.password)} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}", color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red", ) - if proto == "ldaps": - self.logger.fail("LDAPS channel binding might be enabled, this is only supported with kerberos authentication. Try using '-k'.") return False except OSError as e: self.logger.fail(f"{self.domain}\\{self.username}:{process_secret(self.password)} {'Error connecting to the domain, are you sure LDAP service is running on the target?'} \nError: {e}") @@ -585,15 +582,12 @@ def hash_login(self, domain, username, ntlm_hash): f"{self.domain}\\{self.username}:{process_secret(nthash)} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}", color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red", ) - self.logger.fail("LDAPS channel binding might be enabled, this is only supported with kerberos authentication. Try using '-k'.") else: error_code = str(e).split()[-2][:-1] self.logger.fail( f"{self.domain}\\{self.username}:{process_secret(nthash)} {ldap_error_status[error_code] if error_code in ldap_error_status else ''}", color="magenta" if (error_code in ldap_error_status and error_code != 1) else "red", ) - if proto == "ldaps": - self.logger.fail("LDAPS channel binding might be enabled, this is only supported with kerberos authentication. Try using '-k'.") return False except OSError as e: self.logger.fail(f"{self.domain}\\{self.username}:{process_secret(self.password)} {'Error connecting to the domain, are you sure LDAP service is running on the target?'} \nError: {e}") diff --git a/poetry.lock b/poetry.lock index 2e6149658..6b899e7d9 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.4 and should not be changed by hand. [[package]] name = "aardwolf" @@ -894,7 +894,7 @@ all = ["flake8 (>=7.1.1)", "mypy (>=1.11.2)", "pytest (>=8.3.2)", "ruff (>=0.6.2 [[package]] name = "impacket" -version = "0.13.0.dev0+20240916.171021.65b774de" +version = "0.13.0.dev0+20241125.162952.ea27e8b2" description = "Network protocols Constructors and Dissectors" optional = false python-versions = "*" @@ -902,12 +902,12 @@ files = [] develop = false [package.dependencies] -charset-normalizer = "*" +charset_normalizer = "*" flask = ">=1.0" ldap3 = ">2.5.0,<2.5.2 || >2.5.2,<2.6 || >2.6" ldapdomaindump = ">=0.9.0" pyasn1 = ">=0.2.3" -pyasn1-modules = "*" +pyasn1_modules = "*" pycryptodomex = "*" pyOpenSSL = "24.0.0" pyreadline3 = {version = "*", markers = "sys_platform == \"win32\""} @@ -918,7 +918,7 @@ six = "*" type = "git" url = "https://github.com/fortra/impacket.git" reference = "HEAD" -resolved_reference = "65b774ded17a79f1041397202852eab0c24cd039" +resolved_reference = "ea27e8b2dfedf57370d2f65c5053a2b8eeb8ca9d" [[package]] name = "iniconfig"