Skip to content

Commit

Permalink
Merge pull request #503 from Pennyw0rth/neff-add-basedn
Browse files Browse the repository at this point in the history 
Add baseDN flag to ldap
  • Loading branch information
@NeffIsBack
NeffIsBack authored Dec 11, 2024
2 parents dcb3bbd + 9997091 commit 95b1af5
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 4 deletions.
9 changes: 6 additions & 3 deletions nxc/protocols/ldap.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -255,6 +255,7 @@ def get_ldap_username(self):

def enum_host_info(self):
self.target, self.targetDomain, self.baseDN = self.get_ldap_info(self.host)
self.baseDN = self.args.base_dn if self.args.base_dn else self.baseDN # Allow overwriting baseDN from args
self.hostname = self.target
self.remoteName = self.target
self.domain = self.targetDomain
Expand Down Expand Up @@ -697,6 +698,7 @@ def search(self, searchFilter, attributes, sizeLimit=0) -> list:
# Microsoft Active Directory set an hard limit of 1000 entries returned by any search
paged_search_control = ldapasn1_impacket.SimplePagedResultsControl(criticality=True, size=1000)
return self.ldapConnection.search(
searchBase=self.baseDN,
searchFilter=searchFilter,
attributes=attributes,
sizeLimit=sizeLimit,
Expand Down Expand Up @@ -1244,6 +1246,7 @@ def password_not_required(self):
try:
self.logger.debug(f"Search Filter={searchFilter}")
resp = self.ldapConnection.search(
searchBase=self.baseDN,
searchFilter=searchFilter,
attributes=[
"sAMAccountName",
Expand Down Expand Up @@ -1371,14 +1374,14 @@ def gmsa(self):
self.logger.display("Getting GMSA Passwords")
search_filter = "(objectClass=msDS-GroupManagedServiceAccount)"
gmsa_accounts = self.ldapConnection.search(
searchBase=self.baseDN,
searchFilter=search_filter,
attributes=[
"sAMAccountName",
"msDS-ManagedPassword",
"msDS-GroupMSAMembership",
],
sizeLimit=0,
searchBase=self.baseDN,
)
if gmsa_accounts:
self.logger.debug(f"Total of records returned {len(gmsa_accounts):d}")
Expand Down Expand Up @@ -1424,10 +1427,10 @@ def gmsa_convert_id(self):
# getting the gmsa account
search_filter = "(objectClass=msDS-GroupManagedServiceAccount)"
gmsa_accounts = self.ldapConnection.search(
searchBase=self.baseDN,
searchFilter=search_filter,
attributes=["sAMAccountName"],
sizeLimit=0,
searchBase=self.baseDN,
)
if gmsa_accounts:
self.logger.debug(f"Total of records returned {len(gmsa_accounts):d}")
Expand All @@ -1454,10 +1457,10 @@ def gmsa_decrypt_lsa(self):
# getting the gmsa account
search_filter = "(objectClass=msDS-GroupManagedServiceAccount)"
gmsa_accounts = self.ldapConnection.search(
searchBase=self.baseDN,
searchFilter=search_filter,
attributes=["sAMAccountName"],
sizeLimit=0,
searchBase=self.baseDN,
)
if gmsa_accounts:
self.logger.debug(f"Total of records returned {len(gmsa_accounts):d}")
Expand Down
3 changes: 2 additions & 1 deletion nxc/protocols/ldap/proto_args.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,8 @@ def proto_args(parser, parents):
egroup.add_argument("--asreproast", help="Output AS_REP response to crack with hashcat to file")
egroup.add_argument("--kerberoasting", help="Output TGS ticket to crack with hashcat to file")

vgroup = ldap_parser.add_argument_group("Retrieve useful information on the domain", "Options to to play with Kerberos")
vgroup = ldap_parser.add_argument_group("Retrieve useful information on the domain")
vgroup.add_argument("--base-dn", metavar="BASE_DN", dest="base_dn", type=str, default=None, help="base DN for search queries")
vgroup.add_argument("--query", nargs=2, help="Query LDAP with a custom filter and attributes")
vgroup.add_argument("--find-delegation", action="store_true", help="Finds delegation relationships within an Active Directory domain. (Enabled Accounts only)")
vgroup.add_argument("--trusted-for-delegation", action="store_true", help="Get the list of users and computers with flag TRUSTED_FOR_DELEGATION")
Expand Down

0 comments on commit 95b1af5

Please sign in to comment.