Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update httprelayclient.py to force NTLM auth if anonymous auth is enabled (ADCS) #1432

Merged
merged 1 commit into from
Apr 11, 2023
Merged

Update httprelayclient.py to force NTLM auth if anonymous auth is enabled (ADCS) #1432

merged 1 commit into from
Apr 11, 2023

Conversation

nobbd
Copy link
Contributor

@nobbd nobbd commented Oct 31, 2022

The httprelayclient has an option where it tries "sending NTLM auth anyways" if the --adcs flag is specified.
The client will however not set the variable self.authenticationMethod and the code will subsequently fail.

If the variable is not set, the following error will occur:

[*] Status code returned: 200. Authentication does not seem required for URL
[-] No authentication requested by the server for url XXX
[*] IIS cert server may allow anonymous authentication, sending NTLM auth anyways
[+] Exception:
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/impacket/examples/ntlmrelayx/servers/smbrelayserver.py", line 286, in SmbSessionSetup
    challengeMessage = self.do_ntlm_negotiate(client, token)
  File "/usr/lib/python3/dist-packages/impacket/examples/ntlmrelayx/servers/smbrelayserver.py", line 866, in do_ntlm_negotiate
    return client.sendNegotiate(token)
  File "/usr/lib/python3/dist-packages/impacket/examples/ntlmrelayx/clients/httprelayclient.py", line 83, in sendNegotiate
    serverChallengeBase64 = re.search(('%s ([a-zA-Z0-9+/]+={0,2})' % self.authenticationMethod), res.getheader('WWW-Authenticate')).group(1)
  File "/usr/lib/python3.10/re.py", line 200, in search
    return _compile(pattern, flags).search(string)
TypeError: expected string or bytes-like object

This pull requests sets the self.authenticationMethod to NTLM if the respective branch is executed.

@nobbd
Update httprelayclient.py to force NTLM auth
f1aba9c 
To prevent errors (variable is not set) if anonymous auth is enabled
@ShutdownRepo ShutdownRepo mentioned this pull request Jan 10, 2023
Merged
@anadrianmanrique anadrianmanrique added the medium Medium priority item label Feb 16, 2023
@0xdeaddood
Copy link
Collaborator

Thanks @nobbd! Merging...

@0xdeaddood 0xdeaddood merged commit 4d45b43 into fortra:master Apr 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@0xdeaddood 0xdeaddood

Labels
medium Medium priority item
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nobbd @0xdeaddood @anadrianmanrique