From 2f4894a6fad18bd2dc1352e68c03847aafb06df4 Mon Sep 17 00:00:00 2001
From: wil
Date: Sat, 7 Sep 2024 16:00:01 +0200
Subject: [PATCH] Add --no-encryption option
---
 ldeep/__main__.py | 8 +++
 ldeep/views/ldap_activedirectory.py | 99 ++++++++++++++++++++---------
 2 files changed, 76 insertions(+), 31 deletions(-)
diff --git a/ldeep/__main__.py b/ldeep/__main__.py
index 9ee75e3..698bad9 100755
--- a/ldeep/__main__.py
+++ b/ldeep/__main__.py
@@ -1864,6 +1864,13 @@ def main():
 type=int,
 help="Configure the page size used by the engine to query the LDAP server (default: 1000)",
 )
+ ldap.add_argument(
+ "-n",
+ "--no-encryption",
+ default=False,
+ action="store_true",
+ help="Encrypt the communication or not (default True)",
+ )
 cache.add_argument(
 "-d",
@@ -1964,6 +1971,7 @@ def main():
 args.cert_pem,
 args.key_pem,
 method,
+ args.no_encryption,
 args.throttle,
 args.page_size,
 )
diff --git a/ldeep/views/ldap_activedirectory.py b/ldeep/views/ldap_activedirectory.py
index 55bf52f..d4db5e3 100644
--- a/ldeep/views/ldap_activedirectory.py
+++ b/ldeep/views/ldap_activedirectory.py
@@ -296,6 +296,7 @@ def __init__(
 cert_pem="",
 key_pem="",
 method="NTLM",
+ no_encryption=False,
 throttle=0,
 page_size=1000,
 ):
@@ -315,6 +316,7 @@ def __init__(
 @password: Password to use for the authentication (for SIMPLE authentication)
 @ntlm: NTLM hash to use for the authentication (for NTLM authentication)
 @method: Either to use NTLM, SIMPLE, Kerberos or anonymous authentication.
+ @no_encryption: Either the communication is encrypted or not.
 @throw ActiveDirectoryLdapException when the connection or the bind does not work.
 """
@@ -325,6 +327,7 @@ def __init__(
 self.pfx_pass = pfx_pass
 self.cert = cert_pem
 self.key = key_pem
+ self.no_encryption = no_encryption
 self.server = server
 self.domain = domain
 self.hostnames = []
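Review bot: The help string on the new `--no-encryption` argument in `main()` says "Encrypt the communication or not (default True)", which reads as if the flag itself defaulted to True, while `default=False` with `action="store_true"` means that passing `-n` switches protection off. The later hunks show the flag removing `session_security=ENCRYPT` and `channel_binding=TLS_CHANNEL_BINDING`, so the text should state that, e.g. `help="Disable LDAP session encryption and TLS channel binding (both are enabled by default)"`. The `@no_encryption` docstring line added to `__init__` has the same ambiguity and could be reworded the same way. `main()` starts and ends outside the hunk.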
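Review bot: `args.no_encryption` is passed positionally in the middle of the constructor call, and the signature hunk in `ldeep/views/ldap_activedirectory.py` inserts `no_encryption=False` ahead of `throttle` and `page_size`, so any other caller that passes those two positionally would now hand its throttle value to `no_encryption` without raising an error. Appending the parameter after `page_size` in the signature and passing it last here as `no_encryption=args.no_encryption,` avoids the silent shift. Only this call site is visible in the patch, so whether other positional callers exist needs checking.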
@@ -421,12 +424,19 @@ def __init__(
 server, authentication=SASL, sasl_mechanism=KERBEROS
 )
 else:
- self.ldap = Connection(
- server,
- authentication=SASL,
- sasl_mechanism=KERBEROS,
- session_security=ENCRYPT,
- )
+ if self.no_encryption:
+ self.ldap = Connection(
+ server,
+ authentication=SASL,
+ sasl_mechanism=KERBEROS,
+ )
+ else:
+ self.ldap = Connection(
+ server,
+ authentication=SASL,
+ sasl_mechanism=KERBEROS,
+ session_security=ENCRYPT,
+ )
 elif method == "Certificate":
 self.ldap = Connection(server)
 elif method == "anonymous":
@@ -444,23 +454,41 @@ def __init__(
 print("Incorrect hash, format is LMHASH:NTHASH")
 exit(1)
 if self.server.startswith("ldaps"):
- self.ldap = Connection(
- server,
- user=f"{domain}\\{username}",
- password=ntlm,
- channel_binding=TLS_CHANNEL_BINDING,
- authentication=NTLM,
- check_names=True,
- )
+ if self.no_encryption:
+ self.ldap = Connection(
+ server,
+ user=f"{domain}\\{username}",
+ password=ntlm,
+ authentication=NTLM,
+ check_names=True,
+ )
+ else:
+ self.ldap = Connection(
+ server,
+ user=f"{domain}\\{username}",
+ password=ntlm,
+ authentication=NTLM,
+ channel_binding=TLS_CHANNEL_BINDING,
+ check_names=True,
+ )
 else:
- self.ldap = Connection(
- server,
- user=f"{domain}\\{username}",
- password=ntlm,
- session_security=ENCRYPT,
- authentication=NTLM,
- check_names=True,
- )
+ if self.no_encryption:
+ self.ldap = Connection(
+ server,
+ user=f"{domain}\\{username}",
+ password=ntlm,
+ authentication=NTLM,
+ check_names=True,
+ )
+ else:
+ self.ldap = Connection(
+ server,
+ user=f"{domain}\\{username}",
+ password=ntlm,
+ authentication=NTLM,
+ session_security=ENCRYPT,
+ check_names=True,
+ )
 elif method == "SIMPLE":
 if "." in domain:
 domain, _, _ = domain.partition(".")
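Review bot: The non-ldaps Kerberos branch now holds two `Connection(...)` calls that differ only in `session_security=ENCRYPT`, and the NTLM hunks that follow add three more such pairs, so a later change to one copy can easily miss its twin. Building the optional argument once keeps a single call per branch: `sec = {} if self.no_encryption else {"session_security": ENCRYPT}` followed by `self.ldap = Connection(server, authentication=SASL, sasl_mechanism=KERBEROS, **sec)`. With the flag set against a plain `ldap://` server the bind goes ahead with no session security at all, so a one-line warning at this point would let operators see that directory traffic is then sent unprotected. `__init__` begins and ends outside the hunk.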
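Review bot: In the `ldaps` branch the `no_encryption` path drops `channel_binding=TLS_CHANNEL_BINDING`, but channel binding is not encryption: the connection is still wrapped in TLS, and what is removed is the tie between the NTLM authentication and that TLS channel. A flag named `--no-encryption` therefore changes an authentication protection the user did not ask about, and presumably fails against servers that require channel binding. Either keep `channel_binding=TLS_CHANNEL_BINDING` unconditionally under `ldaps` and let the flag govern only `session_security` in the `else` branch, or document the behaviour with a comment such as `# --no-encryption also disables TLS channel binding on ldaps`. The enclosing `__init__` extends beyond the hunk.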
@@ -487,16 +515,25 @@ def __init__(
 ntlm = f"{lm}:{nt}"
 except Exception as e:
 print(e)
- print("Incorrect hash, format is LMHASH:NTHASH")
+ print("Incorrect hash, format is [LMHASH]:NTHASH")
 exit(1)
- self.ldap = Connection(
- server,
- user=f"{domain}\\{username}",
- password=ntlm,
- session_security=ENCRYPT,
- authentication=NTLM,
- check_names=True,
- )
+ if self.no_encryption:
+ self.ldap = Connection(
+ server,
+ user=f"{domain}\\{username}",
+ password=ntlm,
+ authentication=NTLM,
+ check_names=True,
+ )
+ else:
+ self.ldap = Connection(
+ server,
+ user=f"{domain}\\{username}",
+ password=ntlm,
+ authentication=NTLM,
+ session_security=ENCRYPT,
+ check_names=True,
+ )
 try:
 if method == "Certificate":
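Review bot: The error text is updated to `[LMHASH]:NTHASH` only in this block; the same message in the earlier NTLM block (a context line of the previous hunk) still prints `Incorrect hash, format is LMHASH:NTHASH`, so users get two different format hints for the same kind of input. That line should become `print("Incorrect hash, format is [LMHASH]:NTHASH")` as well, provided the earlier parser also accepts an empty LM part. The parsing code sits outside both hunks, so that needs confirming before the message is changed.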