examples: implement ldap custom port change
TheOnAndOnlyZenomat committed Nov 25, 2024
1 parent dc1436b commit c263d02
Showing 8 changed files with 42 additions and 16 deletions.
8 changes: 6 additions & 2 deletions examples/GetADComputers.py
Expand Up @@ -56,6 +56,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__requestUser = cmdLineOptions.user
self.__resolveIP = cmdLineOptions.resolveIP
Expand Down Expand Up @@ -196,7 +197,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -205,7 +206,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -267,6 +268,9 @@ def run(self):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')

group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
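Review bot: When `-dc-port` is omitted, `self.__kdcPort` is `None` (the new `add_argument` sets no `default`), so both `LDAPConnection` calls in `run()` now build `ldap://<target>:None` and `ldaps://<target>:None`, and an ordinary invocation without the new option gets a malformed URL. Append the port only when one was supplied, e.g. `port = ':%s' % self.__kdcPort if self.__kdcPort else ''` followed by `'ldap://%s%s' % (self.__target, port)`. The same construction is repeated in GetADUsers.py, GetLAPSPassword.py, GetNPUsers.py, GetUserSPNs.py, findDelegation.py and secretsdump.py. `run()` starts and ends outside the visible hunks, and how `LDAPConnection` parses the URL is not shown on this page.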
7 changes: 5 additions & 2 deletions examples/GetADUsers.py
Expand Up @@ -53,6 +53,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__requestUser = cmdLineOptions.user
self.__all = cmdLineOptions.all
Expand Down Expand Up @@ -149,7 +150,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -158,7 +159,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -229,6 +230,8 @@ def run(self):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
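Review bot: The `strongerAuthRequired` fallback in `run()` now retries `ldaps://` on the same `self.__kdcPort` that the plaintext `ldap://` attempt just used. LDAP and LDAPS normally listen on different ports, so with a custom `-dc-port` the TLS retry is likely to reach a listener that does not speak TLS, and the upgrade to an encrypted bind stops working exactly when the server demands it. Consider a separate option for the LDAPS port, or state the behaviour in the help text, e.g. `help='LDAP port of the domain controller (also used for the LDAPS retry)'`. The same applies to the fallback branch in the other six scripts that build `'ldaps://%s:%s'`.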
9 changes: 6 additions & 3 deletions examples/GetLAPSPassword.py
Expand Up @@ -76,6 +76,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__aesKey = cmdLineOptions.aesKey
self.__doKerberos = cmdLineOptions.k
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__targetComputer = cmdLineOptions.computer
self.__outputFile = cmdLineOptions.outputfile
Expand Down Expand Up @@ -199,7 +200,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -208,7 +209,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -326,6 +327,8 @@ def run(self):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
Expand Down Expand Up @@ -366,4 +369,4 @@ def run(self):
if logging.getLogger().level == logging.DEBUG:
import traceback
traceback.print_exc()
logging.error(str(e))
logging.error(str(e))
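Review bot: `-dc-port` is accepted as a free-form string: the new `add_argument` call sets neither `type=int` nor any range check, and the value is interpolated into the URL and handed to `LDAPConnection` unchanged. Adding `type=int` to the call (`group.add_argument('-dc-port', action='store', type=int, metavar='port', ...)`) lets argparse reject a non-numeric value before any connection or login is attempted. Which type `LDAPConnection` expects for its fourth argument is not visible here, so confirm an int is accepted. The other scripts in this commit declare the option the same way.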
7 changes: 5 additions & 2 deletions examples/GetNPUsers.py
Expand Up @@ -84,6 +84,7 @@ def __init__(self, username, password, domain, cmdLineOptions):
self.__requestTGT = cmdLineOptions.request
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
Expand Down Expand Up @@ -256,7 +257,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -265,7 +266,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -413,6 +414,8 @@ def request_multiple_TGTs(self, usernames):
group.add_argument('-dc-ip', action='store', metavar='ip address', help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) '
'specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
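Review bot: The help text `'Port of the domain controller. Port used to communicate with the dc, instead of the default port'` does not say which protocol the port applies to, and the attribute is named `__kdcPort` although the visible hunks use it only for the LDAP connection in `run()`. This script also requests TGTs (`request_multiple_TGTs` appears in a hunk header), so a user could reasonably expect `-dc-port` to redirect Kerberos traffic too. If LDAP-only is intended, suggest `help='LDAP port of the domain controller; Kerberos requests are not affected'` and a comment beside the assignment, `# LDAP port from -dc-port; not the Kerberos (KDC) port`. GetUserSPNs.py has the same ambiguity.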
7 changes: 5 additions & 2 deletions examples/GetUserSPNs.py
Expand Up @@ -88,6 +88,7 @@ def __init__(self, username, password, user_domain, target_domain, cmdLineOption
self.__requestTGS = cmdLineOptions.request
# [!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
self.__saveTGS = cmdLineOptions.save
self.__requestUser = cmdLineOptions.request_user
Expand Down Expand Up @@ -269,7 +270,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -279,7 +280,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -525,6 +526,8 @@ def request_multiple_TGSs(self, usernames):
'ommited it use the domain part (FQDN) '
'specified in the target parameter. Ignored'
'if -target-domain is specified.')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
6 changes: 5 additions & 1 deletion examples/changepasswd.py
Expand Up @@ -150,6 +150,7 @@ def __init__(
doKerberos=False,
aesKey="",
kdcHost=None,
kdcPort=None,
):
"""
Instantiate password change or reset with the credentials of the account making the changes.
Expand Down Expand Up @@ -602,7 +603,7 @@ def connect(self, targetDomain):

logging.debug(f"Connecting to {ldapURI} as {self.domain}\\{self.username}")
try:
ldapConnection = ldap.LDAPConnection(ldapURI, self.baseDN, self.address)
ldapConnection = ldap.LDAPConnection(ldapURI, self.baseDN, self.address, self.kdcPort)
if not self.doKerberos:
ldapConnection.login(self.username, self.password, self.domain, self.pwdHashLM, self.pwdHashNT)
else:
Expand Down Expand Up @@ -820,6 +821,8 @@ def parse_args():
"in the target parameter"
),
)
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')

if len(sys.argv) == 1:
parser.print_help()
Expand Down Expand Up @@ -945,6 +948,7 @@ def parse_args():
doKerberos,
options.aesKey,
kdcHost=options.dc_ip,
kdcPort=options.dc_port,
)

# Attempt the password change/reset
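Review bot: `connect()` now reads `self.kdcPort`, but none of the five lines this section adds stores the new `kdcPort` constructor argument on the instance, so unless the attribute is set somewhere outside the hunks the LDAP path raises `AttributeError` before connecting. Add `self.kdcPort = kdcPort` beside the other assignments in `__init__`, whose body is outside the visible hunk, and describe the parameter in its docstring. `ldapURI` is also built outside the hunk, so it is not visible whether the custom port reaches the URI or only the fourth argument.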
7 changes: 5 additions & 2 deletions examples/findDelegation.py
Expand Up @@ -89,6 +89,7 @@ def __init__(self, username, password, user_domain, target_domain, cmdLineOption
self.__doKerberos = cmdLineOptions.k
#[!] in this script the value of -dc-ip option is self.__kdcIP and the value of -dc-host option is self.__kdcHost
self.__kdcIP = cmdLineOptions.dc_ip
self.__kdcPort = cmdLineOptions.dc_port
self.__kdcHost = cmdLineOptions.dc_host
if cmdLineOptions.hashes is not None:
self.__lmhash, self.__nthash = cmdLineOptions.hashes.split(':')
Expand Down Expand Up @@ -147,7 +148,7 @@ def run(self):

# Connect to LDAP
try:
ldapConnection = ldap.LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -156,7 +157,7 @@ def run(self):
except ldap.LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
ldapConnection = ldap.LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcIP)
ldapConnection = ldap.LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -300,6 +301,8 @@ def run(self):
'ommited it use the domain part (FQDN) '
'specified in the target parameter. Ignored'
'if -target-domain is specified.')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-dc-host', action='store', metavar='hostname', help='Hostname of the domain controller to use. '
'If ommited, the domain part (FQDN) '
'specified in the account parameter will be used')
7 changes: 5 additions & 2 deletions examples/secretsdump.py
Expand Up @@ -115,6 +115,7 @@ def __init__(self, remoteName, username='', password='', domain='', options=None
self.__resumeFileName = options.resumefile
self.__canProcessSAMLSA = True
self.__kdcHost = options.dc_ip
self.__kdcPort = options.dc_port
self.__remoteSSMethod = options.use_remoteSSMethod
self.__remoteSSMethodRemoteVolume = options.remoteSS_remote_volume
self.__remoteSSMethodDownloadPath = options.remoteSS_local_path
Expand Down Expand Up @@ -153,7 +154,7 @@ def ldapConnect(self):
self.baseDN = self.baseDN[:-1]

try:
self.__ldapConnection = LDAPConnection('ldap://%s' % self.__target, self.baseDN, self.__kdcHost)
self.__ldapConnection = LDAPConnection('ldap://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
self.__ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand All @@ -162,7 +163,7 @@ def ldapConnect(self):
except LDAPSessionError as e:
if str(e).find('strongerAuthRequired') >= 0:
# We need to try SSL
self.__ldapConnection = LDAPConnection('ldaps://%s' % self.__target, self.baseDN, self.__kdcHost)
self.__ldapConnection = LDAPConnection('ldaps://%s:%s' % (self.__target, self.__kdcPort), self.baseDN, self.__kdcIP, self.__kdcPort)
if self.__doKerberos is not True:
self.__ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
else:
Expand Down Expand Up @@ -457,6 +458,8 @@ def cleanup(self):
group = parser.add_argument_group('connection')
group.add_argument('-dc-ip', action='store',metavar = "ip address", help='IP Address of the domain controller. If '
'ommited it use the domain part (FQDN) specified in the target parameter')
group.add_argument('-dc-port', action='store', metavar='port', help='Port of the domain controller. '
'Port used to communicate with the dc, instead of the default port')
group.add_argument('-target-ip', action='store', metavar="ip address",
help='IP Address of the target machine. If omitted it will use whatever was specified as target. '
'This is useful when target is the NetBIOS name and you cannot resolve it')
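Review bot: Both rewritten `LDAPConnection` calls in `ldapConnect()` change the third argument from `self.__kdcHost` to `self.__kdcIP`, yet the `__init__` hunk shows only `self.__kdcHost = options.dc_ip` and the new `self.__kdcPort`. If `__kdcIP` is not assigned elsewhere in the class, this raises `AttributeError`, which the `except LDAPSessionError` handler does not catch. This looks like a copy-paste from the Get* scripts; keep `self.__kdcHost` as the third argument in both the `ldap://` and `ldaps://` calls. `__init__` and `ldapConnect()` both extend beyond the visible hunks.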
