Implement custom port option for LDAP communication #1853

Open
wants to merge 2 commits into
base: master
8 changes: 6 additions & 2 deletions examples/GetADComputers.py
Expand Up @@ -56,6 +56,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__requestUser = cmdLineOptions.user
self.__resolveIP = cmdLineOptions.resolveIP
Expand Down Expand Up @@ -196,7 +197,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -205,7 +206,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -267,6 +268,9 @@ def run(self):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')

group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
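Review bot: `-dc-port` is declared without a default or a type, so when the option is omitted `self.__kdcPort` is `None` and both `LDAPConnection` calls in `run` build `ldap://<target>:None` (and `ldaps://<target>:None`), which changes behaviour for every existing invocation. Add `type=int` to the `add_argument` call and append the port only when one was given, e.g. `url = 'ldap://%s' % self.__target if self.__kdcPort is None else 'ldap://%s:%d' % (self.__target, self.__kdcPort)`. The same pattern is repeated in the GetADUsers.py, GetLAPSPassword.py, GetNPUsers.py, GetUserSPNs.py, findDelegation.py and secretsdump.py sections. How `LDAPConnection` treats a port in the URL and what its fourth positional argument means are not visible in this view, so that call should be checked against its signature. `run` starts and ends outside these hunks.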
7 changes: 5 additions & 2 deletions examples/GetADUsers.py
Expand Up @@ -53,6 +53,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__requestUser = cmdLineOptions.user
self.__all = cmdLineOptions.all
Expand Down Expand Up @@ -149,7 +150,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -158,7 +159,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -229,6 +230,8 @@ def run(self):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
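Review bot: The `strongerAuthRequired` fallback in `run` now opens `ldaps://` on the same `self.__kdcPort` that the plaintext `ldap://` attempt just used. A listener normally speaks only one of the two protocols on a given port, so with a custom port the TLS retry will most likely fail instead of upgrading the connection. Consider a separate option for the LDAPS port, or apply `-dc-port` only to the first attempt and leave the fallback on its default, and state the choice in the help text. The same fallback is changed the same way in the other scripts' sections; `run` extends beyond the hunks shown.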
9 changes: 6 additions & 3 deletions examples/GetLAPSPassword.py
Expand Up @@ -76,6 +76,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__aesKey = cmdLineOptions.aesKey
self.__doKerberos = cmdLineOptions.k
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__targetComputer = cmdLineOptions.computer
self.__outputFile = cmdLineOptions.outputfile
Expand Down Expand Up @@ -199,7 +200,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -208,7 +209,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -326,6 +327,8 @@ def run(self):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
Expand Down Expand Up @@ -366,4 +369,4 @@ def run(self):
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error(str(e))
logging.error(str(e))
7 changes: 5 additions & 2 deletions examples/GetNPUsers.py
Expand Up @@ -84,6 +84,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__requestTGT = cmdLineOptions.request
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
Expand Down Expand Up @@ -256,7 +257,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -265,7 +266,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -413,6 +414,8 @@ def request_multiple_TGTs(self, usernames):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
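Review bot: The help text for `-dc-port` does not say which protocol the port applies to, and the attribute name `__kdcPort` suggests a Kerberos KDC port although the visible hunks pass it only to the LDAP connection. This script also requests TGTs (`request_multiple_TGTs` appears in the hunk header), and nothing in this section routes those requests to the new port, so a user may assume more is redirected than actually is. Suggest naming the protocol, e.g. `help='LDAP port of the domain controller (default: 389, or 636 for LDAPS)'`, and a comment beside the assignment such as `# used for the LDAP connection only`. GetUserSPNs.py has the same wording.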
7 changes: 5 additions & 2 deletions examples/GetUserSPNs.py
Expand Up @@ -88,6 +88,7 @@ def __init__(self, username, password, user_domain, target_domain, cmdLineOption
self.__requestTGS = cmdLineOptions.request
# [!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__saveTGS = cmdLineOptions.save
self.__requestUser = cmdLineOptions.request_user
Expand Down Expand Up @@ -269,7 +270,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -279,7 +280,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -525,6 +526,8 @@ def request_multiple_TGSs(self, usernames):
'ommited it use the domain part (FQDN) '
'specified in the target parameter. Ignored'
'if -target-domain is specified.')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
6 changes: 5 additions & 1 deletion examples/changepasswd.py
Expand Up @@ -150,6 +150,7 @@ def __init__(
doKerberos=False,
aesKey="",
kdcHost=None,
kdcPort=None,
):
"""
Instantiate password change or reset with the credentials of the account making the changes.
Expand Down Expand Up @@ -602,7 +603,7 @@ def connect(self, targetDomain):

logging.debug(f"Connecting to {ldapURI} as {self.domain}\\{self.username}")
try:
ldapConnection = ldap.LDAPConnection(ldapURI, self.baseDN, self.address)
ldapConnection = ldap.LDAPConnection(ldapURI, self.baseDN, self.address, self.kdcPort)
if not self.doKerberos:
ldapConnection.login(self.username, self.password, self.domain, self.pwdHashLM, self.pwdHashNT)
else:
Expand Down Expand Up @@ -820,6 +821,8 @@ def parse_args():
"in the target parameter"
),
)
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')

if len(sys.argv) == 1:
parser.print_help()
Expand Down Expand Up @@ -945,6 +948,7 @@ def parse_args():
doKerberos,
options.aesKey,
kdcHost=options.dc_ip,
kdcPort=options.dc_port,
)

# Attempt the password change/reset
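Review bot: `connect` reads `self.kdcPort`, but the section's five additions are the new `kdcPort=None` parameter, the changed `LDAPConnection` call, the two `add_argument` lines and the `kdcPort=options.dc_port` argument, so no added line stores the parameter on the instance. Unless the attribute is set somewhere outside this view, the call raises `AttributeError`; add `self.kdcPort = kdcPort` next to the other assignments in `__init__`. The `__init__` docstring should also gain an entry for `kdcPort`. Unlike the other scripts, `ldapURI` is left unchanged here, so it is worth confirming that the port actually reaches the connection. Both functions extend beyond the hunks shown.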
7 changes: 5 additions & 2 deletions examples/findDelegation.py
Expand Up @@ -89,6 +89,7 @@ def __init__(self, username, password, user_domain, target_domain, cmdLineOption
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
Expand Down Expand Up @@ -147,7 +148,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -156,7 +157,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -300,6 +301,8 @@ def run(self):
'ommited it use the domain part (FQDN) '
'specified in the target parameter. Ignored'
'if -target-domain is specified.')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
7 changes: 5 additions & 2 deletions examples/secretsdump.py
Expand Up @@ -115,6 +115,7 @@ def __init__(self, remoteName, username='', password='', domain='', options=None
self.__resumeFileName = options.resumefile
self.__canProcessSAMLSA = True
self.__kdcHost = options.dc_ip
self.__kdcPort = options.dc_port
self.__remoteSSMethod = options.use_remoteSSMethod
self.__remoteSSMethodRemoteVolume = options.remoteSS_remote_volume
self.__remoteSSMethodDownloadPath = options.remoteSS_local_path
Expand Down Expand Up @@ -153,7 +154,7 @@ def ldapConnect(self):
self.baseDN = self.baseDN[:-1]

try:
self.__ldapConnection = LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcHost)
self.__ldapConnection = LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
self.__ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -162,7 +163,7 @@ def ldapConnect(self):
except LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
self.__ldapConnection = LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcHost)
self.__ldapConnection = LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
self.__ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -457,6 +458,8 @@ def cleanup(self):
group = parser.add_argument_group('connection')
group.add_argument('-dc-ip', action='store',metavar = "ip address", help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-target-ip', action='store', metavar="ip address",
help='IP Address of the target machine. If omitted it will use whatever was specified as target. '
'This is useful when target is the NetBIOS name and you cannot resolve it')
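Review bot: Both new `LDAPConnection` calls in `ldapConnect` pass `self.__kdcIP` as the third argument, where the lines they replace passed `self.__kdcHost`. The `__init__` hunk shows only `self.__kdcHost = options.dc_ip` and the new `self.__kdcPort`; if `__kdcIP` is not assigned elsewhere in the class, the LDAP path raises `AttributeError` before any connection is made. Keep the existing attribute, i.e. `LDAPConnection(..., self.baseDN, self.__kdcHost, self.__kdcPort)`. `ldapConnect` starts before and continues after the hunk.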