From 5040ab6b40397b5e5b772d0a6cf1f555f8076910 Mon Sep 17 00:00:00 2001
From: mpgn
Date: Mon, 24 Oct 2022 08:30:31 -0400
Subject: [PATCH] ldap try catch + magenta
---
 cme/protocols/ldap.py | 84 +++++++++++++++++++++++++++++--------------
 cme/protocols/smb.py | 3 ++
 2 files changed, 61 insertions(+), 26 deletions(-)
diff --git a/cme/protocols/ldap.py b/cme/protocols/ldap.py
index 95836478..03025e25 100644
--- a/cme/protocols/ldap.py
+++ b/cme/protocols/ldap.py
@@ -34,7 +34,8 @@ ldap_error_status = {
 "532":"STATUS_PASSWORD_EXPIRED",
 "773":"STATUS_PASSWORD_MUST_CHANGE",
 "775":"USER_ACCOUNT_LOCKED",
- "50":"LDAP_INSUFFICIENT_ACCESS"
+ "50":"LDAP_INSUFFICIENT_ACCESS",
+ "KDC_ERR_CLIENT_REVOKED":"KDC_ERR_CLIENT_REVOKED"
 }
@@ -286,12 +287,13 @@ class ldap(connection):
 if not self.args.continue_on_success:
 return True
 except SessionError as e:
+ error, desc = e.getErrorString()
 self.logger.error(u'{}\\{}{} {}'.format(self.domain,
 self.username,
 " from ccache" if useCache
 else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8),
 str(e)),
- color='red')
+ color='magenta' if error in ldap_error_status else 'red')
 return False
 except KeyError as e:
 self.logger.error(u'{}\\{}{} {}'.format(self.domain,
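Review bot: The added `error, desc = e.getErrorString()` runs inside the `except SessionError` handler, so anything raised by that call or by the tuple unpack is not caught by the sibling `except KeyError` below it and would escape without a logged result. `getErrorString()` is defined outside this page, so whether it can fail for an unmapped error code needs confirming; if it can, give the lookup its own `try` and fall back to `'red'`. `desc` is never used, so `error = e.getErrorString()[0]` would be enough. Since `ldap_error_status` now mixes numeric LDAP codes with a Kerberos error name that maps to itself, a comment on the dict such as `# keys: LDAP error codes and Kerberos error names that are logged in magenta` would explain the new entry. The enclosing function starts above this hunk.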
@@ -300,34 +302,63 @@ class ldap(connection): else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8), ''), color='red') + return False except ldap_impacket.LDAPSessionError as e: if str(e).find('strongerAuthRequired') >= 0: # We need to try SSL - # Connect to LDAPS - self.ldapConnection = ldap_impacket.LDAPConnection('ldaps://%s' % target, self.baseDN) - self.ldapConnection.kerberosLogin(username, password, domain, self.lmhash, self.nthash, - aesKey, kdcHost=kdcHost, useCache=useCache) - - if self.username == '': - self.username = self.get_ldap_username() - - self.check_if_admin() - - # Prepare success credential text - out = u'{}\\{}{} {}'.format(domain, - self.username, - " from ccache" if useCache - else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8), - highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) + try: + # Connect to LDAPS + self.ldapConnection = ldap_impacket.LDAPConnection('ldaps://%s' % target, self.baseDN) + self.ldapConnection.kerberosLogin(username, password, domain, self.lmhash, self.nthash, + aesKey, kdcHost=kdcHost, useCache=useCache) - self.logger.extra['protocol'] = "LDAPS" - self.logger.extra['port'] = "636" - self.logger.success(out) - - if not self.args.local_auth: - add_user_bh(self.username, self.domain, self.logger, self.config) - if not self.args.continue_on_success: - return True + if self.username == '': + self.username = self.get_ldap_username() + + self.check_if_admin() + + # Prepare success credential text + out = u'{}\\{}{} {}'.format(domain, + self.username, + " from ccache" if useCache + else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8), + 
highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) + + if self.username == '': + self.username = self.get_ldap_username() + + self.check_if_admin() + + # Prepare success credential text + out = u'{}\\{} {}'.format(domain, + self.username, + highlight('({})'.format(self.config.get('CME', 'pwn3d_label')) if self.admin_privs else '')) + + self.logger.extra['protocol'] = "LDAPS" + self.logger.extra['port'] = "636" + self.logger.success(out) + + if not self.args.local_auth: + add_user_bh(self.username, self.domain, self.logger, self.config) + if not self.args.continue_on_success: + return True + except ldap_impacket.LDAPSessionError as e: + errorCode = str(e).split()[-2][:-1] + self.logger.error(u'{}\\{}:{} {}'.format(self.domain, + self.username, + self.password if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8, + ldap_error_status[errorCode] if errorCode in ldap_error_status else ''), + color='magenta' if errorCode in ldap_error_status else 'red') + return False + except SessionError as e: + error, desc = e.getErrorString() + self.logger.error(u'{}\\{}{} {}'.format(self.domain, + self.username, + " from ccache" if useCache + else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8), + str(e)), + color='magenta' if error in ldap_error_status else 'red') + return False else: errorCode = str(e).split()[-2][:-1] self.logger.error(u'{}\\{}{} {}'.format(self.domain, 
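Review bot: Inside the new `try:` the username lookup, `self.check_if_admin()` and the `out = ...` assignment appear twice; the second copy repeats the calls and overwrites `out` with a `u'{}\\{} {}'` string that drops the `" from ccache"`/credential field built by the first. Unless that is intentional, delete the second copy so the LDAPS success line keeps the same fields as the first `out`. The added `except ldap_impacket.LDAPSessionError` handler logs `self.password` and ignores `useCache`, while the other handlers in this hunk use `next(sub for sub in [self.nthash, password, aesKey] if sub != '')`; for a hash, AES-key or ccache login that can print the wrong value, and whether `self.password` is set at this point is not visible here. `str(e).split()[-2][:-1]` in that handler raises IndexError when the message has fewer than two tokens, so a length check before indexing would keep the failure path itself from raising. The enclosing function starts above the hunk.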
@@ -336,6 +367,7 @@ class ldap(connection):
 else ":%s" % (next(sub for sub in [self.nthash, password, aesKey] if sub != '') if not self.config.get('CME', 'audit_mode') else self.config.get('CME', 'audit_mode')*8),
 ldap_error_status[errorCode] if errorCode in ldap_error_status else ''),
 color='magenta' if errorCode in ldap_error_status else 'red')
+ return False
 def plaintext_login(self, domain, username, password):
 self.username = username
diff --git a/cme/protocols/smb.py b/cme/protocols/smb.py
index befe25e4..bf1962e1 100755
--- a/cme/protocols/smb.py
+++ b/cme/protocols/smb.py
@@ -378,6 +378,9 @@ class smb(connection):
 except:
 pass
 self.create_conn_obj()
+ except FileNotFoundError as e:
+ self.logger.error('CCache Error: {}'.format(e))
+ return False
 except (SessionError, Exception) as e:
 error, desc = e.getErrorString()
 self.logger.error(u'{}\\{}{} {} {}'.format(domain,
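Review bot: Only `FileNotFoundError` is diverted by the added handler in the smb.py hunk; any other non-`SessionError` exception still reaches `except (SessionError, Exception) as e:` on the next line, where `e.getErrorString()` raises AttributeError for exception types that lack that method. Splitting that clause into `except SessionError as e:` and a separate `except Exception as e:` that logs `str(e)` would cover the general case rather than one exception type. The `'CCache Error: {}'` label also assumes the missing file is the credential cache; if other file accesses sit inside this `try`, which starts above the hunk, the message can mislead.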