From feafcbd7d41fbb26ff94a648beafbb78dc252f67 Mon Sep 17 00:00:00 2001
From: Oliver Lyak <53348818+ly4k@users.noreply.github.com>
Date: Mon, 17 Jul 2023 23:57:34 +0200
Subject: [PATCH] fixed schannel (LDAPS) authentication issues

---
 certipy/commands/auth.py | 36 ++++++++++++++++++++++----------
 certipy/commands/parsers/auth.py | 11 ++++++++--
 setup.py | 2 +-
 3 files changed, 35 insertions(+), 14 deletions(-)

diff --git a/certipy/commands/auth.py b/certipy/commands/auth.py
index 015e096..3808777 100755
--- a/certipy/commands/auth.py
+++ b/certipy/commands/auth.py
@@ -114,7 +114,8 @@ def __init__(
 print: bool = False,
 kirbi: bool = False,
 ldap_shell: bool = False,
- ldap_port: int = 389,
+ ldap_port: int = 0,
+ ldap_scheme: str = "ldaps",
 ldap_user_dn: str = None,
 user_dn: str = None,
 debug=False,
@@ -130,7 +131,10 @@ def __init__(
 self.print = print
 self.kirbi = kirbi
 self.ldap_shell = ldap_shell
- self.ldap_port = ldap_port
+ self.ldap_port = (
+ ldap_port if ldap_port != 0 else (389 if ldap_scheme == "ldap" else 636)
+ )
+ self.ldap_scheme = ldap_scheme
 self.ldap_user_dn = ldap_user_dn
 self.user_dn = user_dn
 self.verbose = debug
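Review bot: `ldap_scheme` is never validated in __init__ (the @@ -130 hunk): any value other than the exact string "ldap" silently selects port 636, and `use_ssl` is later enabled only for the exact string "ldaps", so a programmatic caller passing e.g. "LDAPS" would get an attempted non-TLS connection to 636 with no SASL bind arguments; the argparse `choices` list only protects the CLI path. Add `if ldap_scheme not in ("ldap", "ldaps"): raise ValueError("unsupported ldap_scheme: %r" % ldap_scheme)` before the port computation. The `ldap_port: int = 0` default in the @@ -114 hunk also deserves a comment such as `# 0 = use the scheme default (389 for ldap, 636 for ldaps)`, since 0 is a sentinel rather than a real port. __init__ starts and ends outside these hunks.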
@@ -279,31 +283,38 @@ def ldap_authentication(
 local_private_key_file=key_file.name,
 local_certificate_file=cert_file.name,
 validate=ssl.CERT_NONE,
- ciphers='ALL:@SECLEVEL=0',
+ ciphers="ALL:@SECLEVEL=0",
 )
 
 host = self.target.target_ip
 if host is None:
 host = domain
- host = "ldap://%s:%d" % (host, self.ldap_port)
- logging.info("Connecting to %s" % repr(host))
+ logging.info("Connecting to %s" % repr("%s://%s:%d" % (self.ldap_scheme, host, self.ldap_port)))
 
 ldap_server = ldap3.Server(
 host=host,
 get_info=ldap3.ALL,
+ use_ssl=True if self.ldap_scheme == "ldaps" else False,
+ port=self.ldap_port,
 tls=tls,
- connect_timeout=5,
+ connect_timeout=self.target.timeout,
 )
 
+ conn_kwargs = dict()
+ if self.ldap_scheme == "ldap":
+ conn_kwargs = {
+ "authentication": ldap3.SASL,
+ "sasl_mechanism": ldap3.EXTERNAL,
+ "auto_bind": ldap3.AUTO_BIND_TLS_BEFORE_BIND,
+ "sasl_credentials": sasl_credentials,
+ }
+
 try:
 ldap_conn = ldap3.Connection(
 ldap_server,
- authentication=ldap3.SASL,
- sasl_mechanism=ldap3.EXTERNAL,
- sasl_credentials=sasl_credentials,
- auto_bind=ldap3.AUTO_BIND_TLS_BEFORE_BIND,
 raise_exceptions=True,
- receive_timeout=self.target.timeout * 10
+ receive_timeout=self.target.timeout * 10,
+ **conn_kwargs
 )
 except ldap3.core.exceptions.LDAPUnavailableResult as e:
 logging.error("LDAP not configured for SSL/TLS connections")
@@ -311,6 +322,9 @@ def ldap_authentication(
 raise e
 return False
 
+ if self.ldap_scheme == "ldaps":
+ ldap_conn.open()
+
 who_am_i = ldap_conn.extend.standard.who_am_i()
 logging.info(
 "Authenticated to %s as: %s" % (repr(self.target.target_ip), who_am_i)
diff --git a/certipy/commands/parsers/auth.py b/certipy/commands/parsers/auth.py
index f906b5b..b7ffdc1 100755
--- a/certipy/commands/parsers/auth.py
+++ b/certipy/commands/parsers/auth.py
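Review bot: In the ldaps branch the connection is never opened inside the try/except: with no auto_bind argument, `ldap3.Connection(...)` only builds the object, and the `ldap_conn.open()` added in the @@ -311 hunk runs after the except clause, so a refused port or a failed TLS handshake escapes as an unhandled ldap3 socket-open exception (LDAPSocketOpenError, as far as I recall) instead of reaching the logged error path. Move the two added lines `if self.ldap_scheme == "ldaps":` / `    ldap_conn.open()` directly after the `ldap3.Connection(...)` call inside the try, and catch `ldap3.core.exceptions.LDAPSocketOpenError` alongside `LDAPUnavailableResult` there. Two points of style: `use_ssl=True if self.ldap_scheme == "ldaps" else False` is just `use_ssl=self.ldap_scheme == "ldaps"`, and `conn_kwargs = dict()` would normally be written `conn_kwargs = {}`. Both branches keep `validate=ssl.CERT_NONE`, so neither verifies the server certificate; a one-line comment on the `Tls(...)` call stating that this is deliberate for the tool's use case would help the next reader. ldap_authentication starts and ends outside these hunks.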
@@ -93,11 +93,18 @@ def add_subparser(subparsers: argparse._SubParsersAction) -> Tuple[str, Callable
 group.add_argument(
 "-ldap-port",
 action="store",
- help="LDAP port. Default: 389",
+ help="LDAP port. Default: 636",
 metavar="port",
- default=389,
+ default=0,
 type=int,
 )
+ group.add_argument(
+ "-ldap-scheme",
+ action="store",
+ metavar="ldap scheme",
+ choices=["ldap", "ldaps"],
+ default="ldaps",
+ )
 group.add_argument(
 "-ldap-user-dn",
 action="store",
diff --git a/setup.py b/setup.py
index 417d6b1..6a30d65 100644
--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@ setup(
 name="certipy-ad",
- version="4.5.1",
+ version="4.6.0",
 license="MIT",
 author="ly4k",
 url="https://github.com/ly4k/Certipy",
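Review bot: The new `-ldap-scheme` argument has no `help=` text, unlike the neighbouring options, and the updated `-ldap-port` help `"LDAP port. Default: 636"` is only correct for ldaps — with `default=0` the effective port becomes 389 when `-ldap-scheme ldap` is given. Change it to `help="LDAP port. Default: 636 for ldaps, 389 for ldap"` and add `help="LDAP scheme. Default: ldaps"` to the new option. `metavar="ldap scheme"` contains a space and renders as two words in the usage line; `metavar="scheme"` reads better. add_subparser starts and ends outside this hunk.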