Merge pull request #126 from franc-pentest/Fix-anonymous_bind
Fix anonymous bind
tiyeuse authored Jan 10, 2025
2 parents 2ecb461 + adbdc68 commit fcbbce5
Showing 4 changed files with 24 additions and 21 deletions.
20 changes: 10 additions & 10 deletions README.rst
100644 → 100755
Expand Up @@ -159,11 +159,10 @@ LDAP
::

$ ldeep ldap -h
usage: ldeep ldap [-h] -d DOMAIN -s LDAPSERVER [-b BASE] [-t {ntlm,simple}] [--throttle THROTTLE] [--page_size PAGE_SIZE]
[-u USERNAME] [-p PASSWORD] [-H NTLM] [-k] [--pfx-file PFX_FILE] [--pfx-pass PFX_PASS] [--cert-pem CERT_PEM]
[--key-pem KEY_PEM] [-a]
{auth_policies,bitlockerkeys,computers,conf,delegations,domain_policy,fsmo,gmsa,gpo,groups,machines,ou,pkis,pso,sccm,shadow_principals,silos,smsa,subnets,trusts,users,zones,from_guid,from_sid,laps,memberships,membersof,object,sddl,silo,zone,all,enum_users,search,whoami,add_to_group,create_computer,create_user,modify_password,remove_from_group,unlock}
...
usage: ldeep - 1.0.80 ldap [-h] -d DOMAIN -s LDAPSERVER [-b BASE] [-t {ntlm,simple}] [--throttle THROTTLE] [--page_size PAGE_SIZE] [-n] [-u USERNAME] [-p PASSWORD] [-H NTLM] [-k] [--pfx-file PFX_FILE]
[--pfx-pass PFX_PASS] [--cert-pem CERT_PEM] [--key-pem KEY_PEM] [-a]
{auth_policies,bitlockerkeys,computers,conf,delegations,domain_policy,fsmo,gmsa,gpo,groups,machines,ou,pkis,pso,sccm,shadow_principals,silos,smsa,subnets,templates,trusts,users,zones,from_guid,from_sid,laps,memberships,membersof,object,sddl,silo,zone,all,enum_users,search,whoami,add_to_group,change_uac,create_computer,create_user,modify_password,remove_from_group,unlock}
...

LDAP mode
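Review bot: the regenerated usage line in this README hunk reads `usage: ldeep - 1.0.80 ldap`, but the same commit bumps VERSION to 1.0.81, so the pasted help output is stale on merge and will go stale again at every release. Suggest keeping the version-free form `usage: ldeep ldap` that the previous text used, which is also the command a reader can actually type. Separately, the file mode of README.rst changes from 100644 to 100755; a documentation file does not need the executable bit, so that change looks unintended and should be reverted.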

Expand All @@ -175,11 +174,11 @@ LDAP
The LDAP path (ex : ldap://corp.contoso.com:389)
-b BASE, --base BASE LDAP base for query (by default, this value is pulled from remote Ldap)
-t {ntlm,simple}, --type {ntlm,simple}
Authentication type: ntlm (default) or simple
--throttle THROTTLE Add a throttle between queries to sneak under detection thresholds (in seconds between queries:
argument to the sleep function)
Authentication type: ntlm (default) or simple. Simple bind will always be in cleartext with ldap (not ldaps)
--throttle THROTTLE Add a throttle between queries to sneak under detection thresholds (in seconds between queries: argument to the sleep function)
--page_size PAGE_SIZE
Configure the page size used by the engine to query the LDAP server (default: 1000)
-n, --no-encryption Encrypt the communication or not (default: encrypted, except with simple bind and ldap)

NTLM authentication:
-u USERNAME, --username USERNAME
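Review bot: the help text added for `-n, --no-encryption` says "Encrypt the communication or not", which does not tell the reader what passing the flag does. Since the option is named no-encryption, state the effect directly, for example "Disable encryption of the communication (default: encrypted, except with simple bind and ldap)". The sentence added to `-t` ("Simple bind will always be in cleartext with ldap (not ldaps)") is a useful caveat; it would be clearer if it said explicitly that the password itself is sent in cleartext in that case and pointed to ldaps as the alternative.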
Expand All @@ -203,15 +202,15 @@ LDAP
commands:
available commands

{auth_policies,bitlockerkeys,computers,conf,delegations,domain_policy,fsmo,gmsa,gpo,groups,machines,ou,pkis,pso,sccm,shadow_principals,silos,smsa,subnets,trusts,users,zones,from_guid,from_sid,laps,memberships,membersof,object,sddl,silo,zone,all,enum_users,search,whoami,add_to_group,change_uac,create_computer,create_user,modify_password,remove_from_group,unlock}
{auth_policies,bitlockerkeys,computers,conf,delegations,domain_policy,fsmo,gmsa,gpo,groups,machines,ou,pkis,pso,sccm,shadow_principals,silos,smsa,subnets,templates,trusts,users,zones,from_guid,from_sid,laps,memberships,membersof,object,sddl,silo,zone,all,enum_users,search,whoami,add_to_group,change_uac,create_computer,create_user,modify_password,remove_from_group,unlock}
auth_policies List the authentication policies configured in the Active Directory.
bitlockerkeys Extract the bitlocker recovery keys.
computers List the computer hostnames and resolve them if --resolve is specify.
conf Dump the configuration partition of the Active Directory.
delegations List accounts configured for any kind of delegation.
domain_policy Return the domain policy.
fsmo List FSMO roles.
gmsa List the gmsa accounts and retrieve NT hash if possible.
gmsa List the gmsa accounts and retrieve secrets(NT + kerberos keys) if possible.
gpo Return the list of Group policy objects.
groups List the groups.
machines List the machine accounts.
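Review bot: style points on the `gmsa` description: `secrets(NT + kerberos keys)` is missing a space before the parenthesis and "Kerberos" should be capitalised. While this block is being touched, the unchanged `computers` line still reads "if --resolve is specify", which should be "is specified".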
Expand All @@ -223,6 +222,7 @@ LDAP
silos List the silos configured in the Active Directory.
smsa List the smsa accounts and the machines they are associated with.
subnets List sites and associated subnets.
templates List certificate templates.
trusts List the domain's trust relationships.
users List users according to a filter.
zones List the DNS zones configured in the Active Directory.
2 changes: 1 addition & 1 deletion VERSION
@@ -1 +1 @@
1.0.80
1.0.81
21 changes: 12 additions & 9 deletions ldeep/__main__.py
Expand Up @@ -1895,7 +1895,7 @@ def misc_all(self, kwargs):

def misc_enum_users(self, kwargs):
"""
Anonymously enumerate users with LDAP pings.
Anonymously enumerate enabled users with LDAP pings.
Arguments:
#file:string
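Review bot: the docstring of `misc_enum_users` now says "enabled users", but it does not say what that means for the output. Suggest adding one sentence stating that a name missing from the output may be a disabled account rather than a non-existent one, so that the result is not read as a complete list of accounts.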
Expand All @@ -1912,14 +1912,17 @@ def misc_enum_users(self, kwargs):

file = kwargs["file"]
delay = kwargs["delay"]
with open(file, "r") as f:
while True:
line = f.readline()[:-1]
if not line:
break
if self.engine.user_exists(line):
print(line)
sleep(delay / 1000)
try:
with open(file, "r") as f:
while True:
line = f.readline()[:-1]
if not line:
break
if self.engine.user_exists(line):
print(line)
sleep(delay / 1000)
except FileNotFoundError:
error(f"Can't find file {file}")

def misc_whoami(self, kwargs):
"""
2 changes: 1 addition & 1 deletion ldeep/views/ldap_activedirectory.py
Expand Up @@ -545,7 +545,7 @@ def __init__(
break
self.ldap.search(
search_base=anon_base,
search_filter="(&(objectClass=domain))",
search_filter="(objectClass=*)",
search_scope="SUBTREE",
attributes="*",
)
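Review bot: replacing the filter with `(objectClass=*)` while keeping `search_scope="SUBTREE"` and `attributes="*"` makes this call request every object under `anon_base` with all of its attributes. If the intent is only to check that the anonymous bind can read `anon_base`, that is far more data than the check needs and puts unnecessary load on the server when anonymous read is allowed. Suggest restricting the search to the base object (`search_scope="BASE"`) or setting a size limit of 1, and requesting only the attribute(s) the following code actually uses. A short comment explaining why the `objectClass=domain` filter failed for anonymous binds would also help the next reader, since the commit message says only "Fix anonymous bind".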