Fix ldap kerberos login
parent
038ef95da7
commit
0f5fe00f9e
|
@ -159,7 +159,7 @@ class connection(object):
|
|||
|
||||
def login(self):
|
||||
if self.args.kerberos:
|
||||
if self.kerberos_login(self.aesKey, self.kdcHost): return True
|
||||
if self.kerberos_login(self.domain, self.aesKey, self.kdcHost): return True
|
||||
else:
|
||||
for cred_id in self.args.cred_id:
|
||||
with sem:
|
||||
|
|
|
@ -153,22 +153,24 @@ class ldap(connection):
|
|||
self.signing,
|
||||
self.smbv1))
|
||||
|
||||
def kerberos_login(self, aesKey, kdcHost):
|
||||
def kerberos_login(self, domain, aesKey, kdcHost):
|
||||
|
||||
if self.kdcHost is not None:
|
||||
target = self.kdcHost
|
||||
else:
|
||||
target = self.domain
|
||||
self.kdcHost = domain
|
||||
self.kdcHost = self.domain
|
||||
|
||||
# Create the baseDN
|
||||
self.baseDN = ''
|
||||
domainParts = self.kdcHost.split('.')
|
||||
domainParts = self.domain.split('.')
|
||||
for i in domainParts:
|
||||
self.baseDN += 'dc=%s,' % i
|
||||
# Remove last ','
|
||||
self.baseDN = self.baseDN[:-1]
|
||||
|
||||
try:
|
||||
self.ldapConnection = ldap_impacket.LDAPConnection('ldap://%s' % target, self.baseDN, self.kdcHost)
|
||||
self.ldapConnection.kerberosLogin(self.username, self.password, self.domain, self.lmhash, self.nthash,
|
||||
self.aesKey, kdcHost=self.kdcHost)
|
||||
except ldap_impacket.LDAPSessionError as e:
|
||||
|
|
|
@ -298,7 +298,7 @@ class smb(connection):
|
|||
if self.args.laps:
|
||||
self.laps_search(self.args.username, self.args.password, self.args.hash, self.domain)
|
||||
|
||||
def kerberos_login(self, aesKey, kdcHost):
|
||||
def kerberos_login(self, domain, aesKey, kdcHost):
|
||||
#Re-connect since we logged off
|
||||
self.create_conn_obj()
|
||||
# dirty code to check if user is admin but pywerview does not support kerberos auth ...
|
||||
|
|
Loading…
Reference in New Issue