Merge branch 'master' into patch-1

franc-pentest · Oct 6, 2024 · 6fd60ef · 6fd60ef
2 parents 5c37d73 + b014853
commit 6fd60ef
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 32 deletions.
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.0.66
+1.0.69
diff --git a/ldeep/__main__.py b/ldeep/__main__.py
@@ -26,6 +26,7 @@
     AUTHENTICATING_EKUS,
     MS_PKI_CERTIFICATE_NAME_FLAG,
     EXTENDED_RIGHTS_NAME_MAP,
+    MS_PKI_ENROLLMENT_FLAG,
     ADRights,
 )
 from ldeep._version import __version__
@@ -763,7 +764,7 @@ def list_templates(self, kwargs):
                 "displayName",
                 "pKIExpirationPeriod",
                 "msPKI-Certificate-Name-Flag",
-                "msPKI-RA-Signature",
+                "msPKI-Enrollment-Flag",
                 "pKIExtendedKeyUsage",
                 "nTSecurityDescriptor",
             ]
@@ -813,6 +814,7 @@ def list_templates(self, kwargs):
                     if result.get("name") in enabled_templates[ca]:
                         print(f"{'Enabled':<30}: True")
                         print(f"{'Certificate Authority':<30}: {ca}")
+                        break
                     else:
                         print(f"{'Enabled':<30}: False")
                 ekus = []
@@ -836,9 +838,11 @@ def list_templates(self, kwargs):
                 print(
                     f"{'Enrollee Supplies Subject':<30}: {'ENROLLEE_SUPPLIES_SUBJECT' in flags}"
                 )
-                print(
-                    f"{'Requires Manager Approval':<30}: {result.get('msPKI-RA-Signature')>0}"
+                manager_approval = (
+                    result.get("msPKI-Enrollment-Flag")
+                    & MS_PKI_ENROLLMENT_FLAG["PEND_ALL_REQUESTS"]
                 )
+                print(f"{'Requires Manager Approval':<30}: {manager_approval>0}")
 
                 if ekus:
                     print(f"{'Extended Key Usage':<30}: {ekus[0]}")
@@ -1903,14 +1907,12 @@ def action_modify_password(self, kwargs):
         try:
             if self.engine.modify_password(user, curr, new):
                 info("Password of {username} changed".format(username=user))
+            else:
+                error(
+                    f"Unable to change {user}'s password, check domain password policy or privileges"
+                )
         except LdapActiveDirectoryView.ActiveDirectoryLdapException as e:
             error(f"{e}, check sAMAccountName")
-        else:
-            error(
-                "Unable to change {username}'s password, check privileges".format(
-                    username=user
-                )
-            )
 
     def action_add_to_group(self, kwargs):
         """

diff --git a/ldeep/views/ldap_activedirectory.py b/ldeep/views/ldap_activedirectory.py
@@ -782,11 +782,6 @@ def get_sddl(self, ldapfilter, base=None, scope=None):
         return result_set
 
     def get_gmsa(self, attributes):
-        try:
-            self.ldap.start_tls()
-        except Exception as e:
-            print(f"Can't retrieve gmsa, TLS needed: {e}")
-            return []
         entries = list(
             self.query("(ObjectClass=msDS-GroupManagedServiceAccount)", attributes)
         )
@@ -797,25 +792,29 @@ def get_gmsa(self, attributes):
         for entry in entries:
             sam = entry["sAMAccountName"]
             data = entry["msDS-ManagedPassword"]
-            readers = entry["msDS-GroupMSAMembership"]
-            # Find principals who can read the password
             try:
-                readers_sd = parse_ntSecurityDescriptor(readers)
-                entry["readers"] = []
-                for ace in readers_sd["DACL"]["ACEs"]:
-                    try:
-                        reader_object = list(self.resolve_sid(ace["SID"]))
-                        if reader_object:
-                            name = reader_object[0]["sAMAccountName"]
-                            if "group" in reader_object[0]["objectClass"]:
-                                name += " (group)"
-                            entry["readers"].append(name)
-                        else:
-                            entry["readers"].append(ace["SID"])
-                    except Exception:
-                        pass
+                readers = entry["msDS-GroupMSAMembership"]
             except Exception:
-                pass
+                readers = []
+            # Find principals who can read the password
+            if readers:
+                try:
+                    readers_sd = parse_ntSecurityDescriptor(readers)
+                    entry["readers"] = []
+                    for ace in readers_sd["DACL"]["ACEs"]:
+                        try:
+                            reader_object = list(self.resolve_sid(ace["SID"]))
+                            if reader_object:
+                                name = reader_object[0]["sAMAccountName"]
+                                if "group" in reader_object[0]["objectClass"]:
+                                    name += " (group)"
+                                entry["readers"].append(name)
+                            else:
+                                entry["readers"].append(ace["SID"])
+                        except Exception:
+                            pass
+                except Exception:
+                    pass
             blob = MSDS_MANAGEDPASSWORD_BLOB()
             try:
                 blob.fromString(data)