dirkjanm / ldapdomaindump Goto Github PK
View Code? Open in Web Editor NEWActive Directory information dumper via LDAP
License: MIT License
Active Directory information dumper via LDAP
License: MIT License
Hi, would it be possible to add support for ldap channel binding using the ldap3 package?
Logging into a LDAP server with a user that is UID user instead of CN will result in an INVALID CREDENTIALS error.
https://serverfault.com/questions/448568/openldap-authentication-uid-vs-cn-issues
BloodHound 2.0 and newer uses JSON as format, while the convert utility still outputs CSV's.
I'm not sure how many people use this feature but it would be good to support the new format.
Currently errors out if SSL is required
Memory usage seems very high for large domains when dumping domain_users_by_group. Removing the redundant user memberships seems to fix it for HTML, but for json the problem persists.
Traceback (most recent call last):
File "/usr/local/bin/ldapdomaindump", line 3, in <module>
ldapdomaindump.main()
File "/usr/local/lib/python3.7/dist-packages/ldapdomaindump/__init__.py", line 944, in main
dd.domainDump()
File "/usr/local/lib/python3.7/dist-packages/ldapdomaindump/__init__.py", line 419, in domainDump
self.policy = self.getDomainPolicy()
File "/usr/local/lib/python3.7/dist-packages/ldapdomaindump/__init__.py", line 258, in getDomainPolicy
self.connection.search(self.root, '(objectClass=domain)', attributes=ldap3.ALL_ATTRIBUTES)
File "/usr/local/lib/python3.7/dist-packages/ldap3/core/connection.py", line 788, in search
response = self.post_send_search(self.send('searchRequest', request, controls))
File "/usr/local/lib/python3.7/dist-packages/ldap3/strategy/sync.py", line 139, in post_send_search
responses, result = self.get_response(message_id)
File "/usr/local/lib/python3.7/dist-packages/ldap3/strategy/base.py", line 325, in get_response
responses = self._get_response(message_id)
File "/usr/local/lib/python3.7/dist-packages/ldap3/strategy/sync.py", line 165, in _get_response
dict_response = self.decode_response_fast(ldap_resp)
File "/usr/local/lib/python3.7/dist-packages/ldap3/strategy/base.py", line 509, in decode_response_fast
result = search_result_entry_response_to_dict_fast(ldap_message['payload'], self.connection.server.schema, self.connection.server.custom_formatter, self.connection.check_names)
File "/usr/local/lib/python3.7/dist-packages/ldap3/operation/search.py", line 568, in search_result_entry_response_to_dict_fast
entry_dict['attributes'] = checked_attributes_to_dict_fast(response[1][3], schema, custom_formatter) # attributes
File "/usr/local/lib/python3.7/dist-packages/ldap3/operation/search.py", line 453, in checked_attributes_to_dict_fast
checked_attributes[name] = format_attribute_values(schema, name, decode_raw_vals_fast(attribute[3][1][3]) or [], custom_formatter)
File "/usr/local/lib/python3.7/dist-packages/ldap3/protocol/formatters/standard.py", line 213, in format_attribute_values
formatted_values = [formatter(raw_value) for raw_value in values] # executes formatter
File "/usr/local/lib/python3.7/dist-packages/ldap3/protocol/formatters/standard.py", line 213, in <listcomp>
formatted_values = [formatter(raw_value) for raw_value in values] # executes formatter
File "/usr/local/lib/python3.7/dist-packages/ldap3/protocol/formatters/formatters.py", line 337, in format_ad_timedelta
return format_ad_timestamp(raw_value * -1) - format_ad_timestamp(0)
TypeError: unsupported operand type(s) for -: 'bytes' and 'datetime.datetime'
I am experiencing a problem that seems similar to #27. Please see below:
(venv) deni@NCCBook-Pro ldapdomaindump-0.9.4 % python ldapdomaindump.py 10.129.139.146
[*] Connecting as anonymous user, dumping will probably fail. Consider specifying a username/password to login with
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
Traceback (most recent call last):
File "/Users/deni/Documents/OSCP/Hack-the-Box/sauna/ldapdomaindump-0.9.4/ldapdomaindump.py", line 3, in <module>
ldapdomaindump.main()
File "/Users/deni/Documents/OSCP/Hack-the-Box/sauna/ldapdomaindump-0.9.4/ldapdomaindump/__init__.py", line 950, in main
dd.domainDump()
File "/Users/deni/Documents/OSCP/Hack-the-Box/sauna/ldapdomaindump-0.9.4/ldapdomaindump/__init__.py", line 427, in domainDump
rw.generatePolicyReport(self)
File "/Users/deni/Documents/OSCP/Hack-the-Box/sauna/ldapdomaindump-0.9.4/ldapdomaindump/__init__.py", line 833, in generatePolicyReport
html = self.generateHtmlTable(dd.policy, self.policyattributes, 'Domain policy')
File "/Users/deni/Documents/OSCP/Hack-the-Box/sauna/ldapdomaindump-0.9.4/ldapdomaindump/__init__.py", line 521, in generateHtmlTable
of.append('<td>%s</td>' % self.formatAttribute(li[att], liIsGroup))
File "/Users/deni/Documents/OSCP/Hack-the-Box/sauna/ldapdomaindump-0.9.4/ldapdomaindump/__init__.py", line 639, in formatAttribute
return '%.1f minutes' % self.nsToMinutes(att.value)
File "/Users/deni/Documents/OSCP/Hack-the-Box/sauna/ldapdomaindump-0.9.4/ldapdomaindump/__init__.py", line 470, in nsToMinutes
return abs(length) * .0000001 / 60
TypeError: bad operand type for abs(): 'str'
The Virtual Environment used is running Python 3.10.6. Wrapping length
in float (return abs( float(length) ) * .0000001 / 60
) seems to potentially fix the problem.
--Denis
Dump fails against large domains due to memory issues. It would be nice to be able to dump data as it is parsed so that in the event that the user's machine runs out of memory that they still get some of the data.
I was troubleshooting a problem with ntlmrelayx.py, and I think that ldapdomaindump is the cause.
ntlmrelayx.py was never setting the global variable domainDumped = True because there was some silent error in the dump that was causing the function to return prematurely. Sure enough when I moved the line domainDumped = True to the top of the code (setting it before the domain dump was attempted) it works fine.
I looked quickly at the ldapdomaindump code and it seems like there are lots of try: blocks that return nothing on error. It would be nice to know why this is failing and at least get a little feedback for troubleshooting purposes.
Thanks for the awesome work.
Hello,
When using a password containing a special character like 'à é ù' throw the following error :
[*] Connecting to host...
[*] Binding to host
Traceback (most recent call last):
File "/usr/local/bin/ldapdomaindump", line 3, in <module>
ldapdomaindump.main()
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump/__init__.py", line 885, in main
if not c.bind():
File "/usr/local/lib/python2.7/dist-packages/ldap3/core/connection.py", line 569, in bind
response = self.do_ntlm_bind(controls)
File "/usr/local/lib/python2.7/dist-packages/ldap3/core/connection.py", line 1313, in do_ntlm_bind
result['server_creds'])
File "/usr/local/lib/python2.7/dist-packages/ldap3/operation/bind.py", line 81, in bind_operation
server_creds = name.create_authenticate_message()
File "/usr/local/lib/python2.7/dist-packages/ldap3/utils/ntlm.py", line 379, in create_authenticate_message
nt_challenge_response = self.compute_nt_response()
File "/usr/local/lib/python2.7/dist-packages/ldap3/utils/ntlm.py", line 485, in compute_nt_response
response_key_nt = self.ntowf_v2()
File "/usr/local/lib/python2.7/dist-packages/ldap3/utils/ntlm.py", line 496, in ntowf_v2
password_digest = hashlib.new('MD4', self._password.encode('utf-16-le')).digest()
UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 0: ordinal not in range(128)
Command used : ldapdomaindump -u "frenchcompany\administrateur" -p "çékàcèheù" -o ldap-dump 192.168.1.1
I was able to get around this by generating and using the hash in the mean time.
Hello @dirkjanm,
While installing the latest current impacket
module, which relies on ldapdomaindump
, I'm getting that error message:
$ pip install impacket
...
ldapdomaindump 0.9.1 has requirement ldap3==2.5.1, but you'll have ldap3 2.5.2 which is incompatible.
...
I think that you can safely change your requirements from
Line 9 in cd5f862
to
install_requires=['dnspython', 'ldap3>=2.5.1', 'future'],
Best regards.
Hello,
Thanks for the great tool.
I've come across the following stack-trace, one or more attributes' value(s) appears to be NoneType:
Traceback (most recent call last):
File "C:\Program Files\Python37\lib\runpy.py", line 193, in _run_module_as_main
"__main__", mod_spec)
File "C:\Program Files\Python37\lib\runpy.py", line 85, in _run_code
exec(code, run_globals)
File "C:\Program Files\Python37\lib\site-packages\ldapdomaindump\__main__.py", line 3, in <module>
ldapdomaindump.main()
File "C:\Program Files\Python37\lib\site-packages\ldapdomaindump\__init__.py", line 922, in main
dd.domainDump()
File "C:\Program Files\Python37\lib\site-packages\ldapdomaindump\__init__.py", line 414, in domainDump
rw.generateUsersReport(self)
File "C:\Program Files\Python37\lib\site-packages\ldapdomaindump\__init__.py", line 769, in generateUsersReport
html = self.generateHtmlTable(dd.users, self.userattributes, 'Domain users')
File "C:\Program Files\Python37\lib\site-packages\ldapdomaindump\__init__.py", line 503, in generateHtmlTable
of.append('<td>%s</td>' % self.formatAttribute(li[att], liIsGroup))
File "C:\Program Files\Python37\lib\site-packages\ldapdomaindump\__init__.py", line 591, in formatAttribute
return ', '.join(self.parseFlags(att, uac_flags))
File "C:\Program Files\Python37\lib\site-packages\ldapdomaindump\__init__.py", line 460, in parseFlags
if attr.value & val:
TypeError: unsupported operand type(s) for &: 'NoneType' and 'int'
FWIW, I was running in -m
minimal mode due to a large set of data.
Hi! I keep receiving the following error while running ldapdomaindump, do you have any idea what might be going wrong?
ldapdomaindump $target -u 'BLACKFIELD.local\support' -p '#00^BlackKnight'
[*] Connecting to host...
[*] Binding to host
Traceback (most recent call last):
File "/usr/bin/ldapdomaindump", line 3, in <module>
ldapdomaindump.main()
File "/usr/lib/python3/dist-packages/ldapdomaindump/__init__.py", line 912, in main
if not c.bind():
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 563, in bind
response = self.do_ntlm_bind(controls)
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 1302, in do_ntlm_bind
request = bind_operation(self.version, 'SICILY_RESPONSE_NTLM', ntlm_client, result['server_creds'])
File "/usr/lib/python3/dist-packages/ldap3/operation/bind.py", line 81, in bind_operation
server_creds = name.create_authenticate_message()
File "/usr/lib/python3/dist-packages/ldap3/utils/ntlm.py", line 379, in create_authenticate_message
nt_challenge_response = self.compute_nt_response()
File "/usr/lib/python3/dist-packages/ldap3/utils/ntlm.py", line 485, in compute_nt_response
response_key_nt = self.ntowf_v2()
File "/usr/lib/python3/dist-packages/ldap3/utils/ntlm.py", line 497, in ntowf_v2
return hmac.new(password_digest, (self.user_name.upper() + self.user_domain).encode('utf-16-le')).digest()
File "/usr/lib/python3.8/hmac.py", line 153, in new
return HMAC(key, msg, digestmod)
File "/usr/lib/python3.8/hmac.py", line 51, in __init__
raise TypeError("Missing required parameter 'digestmod'.")
TypeError: Missing required parameter 'digestmod'.
Hi to all,
I have tried to extract information from a LDAP server, but in one part I receive this error in a group property, I am not sure what it is, has anyone else had a similar problem?
[] Connecting as anonymous user, dumping will probably fail. Consider specifying a username/password to login with
[] Connecting to host...
[] Binding to host
[+] Bind OK
[] Starting domain dump
Traceback (most recent call last):
File "/root/Tools/ldapdomaindump/ldapdomaindump.py", line 3, in
ldapdomaindump.main()
File "/root/Tools/ldapdomaindump/ldapdomaindump/init.py", line 950, in main
dd.domainDump()
File "/root/Tools/ldapdomaindump/ldapdomaindump/init.py", line 423, in domainDump
rw.generateUsersReport(self)
File "/root/Tools/ldapdomaindump/ldapdomaindump/init.py", line 795, in generateUsersReport
dd.mapGroupsIdsToDns()
File "/root/Tools/ldapdomaindump/ldapdomaindump/init.py", line 351, in mapGroupsIdsToDns
gid = int(group.objectSid.value.split('-')[-1])
UnicodeDecodeError: 'ascii' codec can't decode byte 0xfb in position 13: ordinal not in range(128)
Thx
Hi,
I have run tool with expected arguments but after some time it throws an exception.
I guess it is due to unexpected output comes from DC as a result of used LDAP queries.
This is what I get:
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
Traceback (most recent call last):
File "/home/abdulla/dassaq/bin/ldapdomaindump", line 3, in <module>
ldapdomaindump.main()
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldapdomaindump/__init__.py", line 944, in main
dd.domainDump()
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldapdomaindump/__init__.py", line 416, in domainDump
self.groups = self.getAllGroups()
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldapdomaindump/__init__.py", line 253, in getAllGroups
self.connection.extend.standard.paged_search(self.root, '(objectClass=group)', attributes=ldap3.ALL_ATTRIBUTES, paged_size=500, generator=False)
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/extend/__init__.py", line 125, in paged_search
paged_criticality)
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/extend/standard/PagedSearch.py", line 142, in paged_search_accumulator
paged_criticality):
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/extend/standard/PagedSearch.py", line 68, in paged_search_generator
None if cookie is True else cookie)
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/core/connection.py", line 839, in search
response = self.post_send_search(self.send('searchRequest', request, controls))
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/strategy/sync.py", line 139, in post_send_search
responses, result = self.get_response(message_id)
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/strategy/base.py", line 411, in get_response
if self.do_search_on_auto_range(self._outstanding[message_id], response):
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/strategy/base.py", line 735, in do_search_on_auto_range
self.do_next_range_search(request, resp, attr_name)
File "/home/abdulla/dassaq/lib/python3.6/site-packages/ldap3/strategy/base.py", line 688, in do_next_range_search
response['raw_attributes'][attr_type] += current_response['raw_attributes'][attr_name]
TypeError: list indices must be integers or slices, not str
LDAP is too big,so when i dump it。 it's out of memory
[] Connecting to host...
[] Binding to host
[+] Bind OK
[*] Starting domain dump
MemoryError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\xxxxxx\AppData\Local\Programs\Python\Python37-32\lib\site-packages\ldap3\utils\asn1.py", line 121, in decode_sequence
ber_len, ber_value_offset = compute_ber_size(get_bytes(message[start: start + 10]))
MemoryError
During handling of the above exception, another exception occurred:
MemoryError
During handling of the above exception, another exception occurred:
MemoryError
During handling of the above exception, another exception occurred:
MemoryError
During handling of the above exception, another exception occurred:
MemoryError
During handling of the above exception, another exception occurred:
MemoryError
Hi when I run the latest version I get this....
root@kali:/opt/ldapdomaindump# python ldapdomaindump.py -u "davy\rich" 192.168.226.10
Password:
[] Connecting to host...
[] Binding to host
[+] Bind OK
[*] Starting domain dump
Traceback (most recent call last):
File "ldapdomaindump.py", line 3, in
ldapdomaindump.main()
File "/opt/ldapdomaindump/ldapdomaindump/init.py", line 922, in main
dd.domainDump()
File "/opt/ldapdomaindump/ldapdomaindump/init.py", line 411, in domainDump
self.policy = self.getDomainPolicy()
File "/opt/ldapdomaindump/ldapdomaindump/init.py", line 254, in getDomainPolicy
self.connection.search(self.root, '(objectClass=domain)', attributes=ldap3.ALL_ATTRIBUTES)
File "/usr/local/lib/python2.7/dist-packages/ldap3/core/connection.py", line 788, in search
response = self.post_send_search(self.send('searchRequest', request, controls))
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/sync.py", line 139, in post_send_search
responses, result = self.get_response(message_id)
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/base.py", line 325, in get_response
responses = self._get_response(message_id)
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/sync.py", line 165, in _get_response
dict_response = self.decode_response_fast(ldap_resp)
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/base.py", line 509, in decode_response_fast
result = search_result_entry_response_to_dict_fast(ldap_message['payload'], self.connection.server.schema, self.connection.server.custom_formatter, self.connection.check_names)
File "/usr/local/lib/python2.7/dist-packages/ldap3/operation/search.py", line 568, in search_result_entry_response_to_dict_fast
entry_dict['attributes'] = checked_attributes_to_dict_fast(response[1][3], schema, custom_formatter) # attributes
File "/usr/local/lib/python2.7/dist-packages/ldap3/operation/search.py", line 453, in checked_attributes_to_dict_fast
checked_attributes[name] = format_attribute_values(schema, name, decode_raw_vals_fast(attribute[3][1][3]) or [], custom_formatter)
File "/usr/local/lib/python2.7/dist-packages/ldap3/protocol/formatters/standard.py", line 213, in format_attribute_values
formatted_values = [formatter(raw_value) for raw_value in values] # executes formatter
File "/usr/local/lib/python2.7/dist-packages/ldap3/protocol/formatters/formatters.py", line 337, in format_ad_timedelta
return format_ad_timestamp(raw_value * -1) - format_ad_timestamp(0)
TypeError: unsupported operand type(s) for -: 'str' and 'datetime.datetime'
Hi,
It would be useful if the tool could retrieve Unix UID, GID, and default shell info per user, as well.
In Active Directory, the UID attribute is 'uidNumber', the GID attribute is 'gidNumber', and the shell attribute is 'loginShell'
Thanks
Deprecation warnings are raised due to invalid escape sequences. This can be fixed by using raw strings or escaping the literals. pyupgrade also helps in automatic conversion : https://github.com/asottile/pyupgrade/
find . -iname '*.py' | grep -v example | xargs -P4 -I{} python3.8 -Wall -m py_compile {}
./ldapdomaindump/pretty.py:126: DeprecationWarning: invalid escape sequence \I
user = "NT AUTHORITY\IUSR"
./ldapdomaindump/pretty.py:124: DeprecationWarning: invalid escape sequence \I
user = "NT AUTHORITY\INTERACTIVE"
./ldapdomaindump/pretty.py:122: DeprecationWarning: invalid escape sequence \A
user = "NT AUTHORITY\Authenticated Users"
here is my environment, I got a windows 7 x64 workstation in forest-a.local, and log on as [email protected], who is a member of "Enterprise Admins" and "Domain Admins" group in forest-a.local, below is the output of klist:
I have no idea how can I connect to server in forest-b.local, because I don't have a valid credential to connect with, I tried [email protected] and [email protected], but neither of them are right, am I supposed to use [email protected]? If so, I think my workstation would just send request to DC of forest-b.local, not DC of forest-a.local
Hi, ldapdomaindump locked the version constraint of ldap3 as ldap3==2.5.1, which leads to a troubling scenario that its direct downstream project impacket has to lock ldap3==2.5.1.
What makes the situation worse is that the downstream projects ['adidnsdump-1.1.0', 'bloodhound-0.7.0', 'boofuzz-0.1.5'] of impacket are also forced to lock this specific version ldap3==2.5.1 to avoid conflicts.
Could you please loosen the version constraint of ldap3?
Benefit of this is that users using both of impacket and ldap3 can upgrade their third party libraries in a timely manner to reduce technical debts.
The dependency trees of your project and affected downstream projects are shown as follows.
Taking the version constraints of upstream and downstream projects into comprehensive consideration, you can
@dirkjanm Please let me know your choice. I can submit a PR to fix this issue.
Thanks for your attention.
Best,
Neolith
MemoryError
During handling of the above exception, another exception occurred:
PS C:\Users\user\Downloads\ldapdomaindump-0.9.3> python .\ldapdomaindump.py DC3 -u domain\user -p pass
[] Connecting to host...
[] Binding to host
[+] Bind OK
[*] Starting domain dump
MemoryError
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "D:\Program Files\python3\lib\site-packages\ldap3\utils\asn1.py", line 121, in decode_sequence
ber_len, ber_value_offset = compute_ber_size(get_bytes(message[start: start + 10]))
MemoryError
During handling of the above exception, another exception occurred:
Davmail provides a gateway between Microsoft's Exchange services to formats like Imap, Caldav, Carddav and LDAP. However, there's no username or password to enter. Leaving them blank gives you
KeyError: 'defaultnamingcontext'
Hello,
I just install the tool with pip but i keep getting this error :
ldapdomaindump ldap://1.1.1.1:389 20:24:08
[*] Connecting as anonymous user, dumping will probably fail. Consider specifying a username/password to login with
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
Traceback (most recent call last):
File "/home/bonclay/.local/bin/ldapdomaindump", line 3, in <module>
ldapdomaindump.main()
File "/home/bonclay/.local/lib/python2.7/site-packages/ldapdomaindump/__init__.py", line 892, in main
dd = domainDumper(s, c, cnf)
File "/home/bonclay/.local/lib/python2.7/site-packages/ldapdomaindump/__init__.py", line 158, in __init__
self.root = self.getRoot()
File "/home/bonclay/.local/lib/python2.7/site-packages/ldapdomaindump/__init__.py", line 171, in getRoot
return self.server.info.other['defaultNamingContext'][0]
File "/home/bonclay/.local/lib/python2.7/site-packages/ldap3/utils/ciDict.py", line 68, in __getitem__
return self._store[self._case_insensitive_keymap[self._ci_key(key)]]
KeyError: 'defaultnamingcontext'
When trying to run convert.py
I get ImportError: cannot import name itervalues
(and also iteritems
).
It seems perhaps these were taken out of builtins
. They are available with the six
library.
Updating the line linked above to this, seems to fix the problem.
I get this error when trying to run command.
[!] Username must include a domain, use: DOMAIN\username
At the moment:
This should be improved
Hi, I am getting the following error.
I am running ldapdomaindump in a Python 3.10.8 virtual environment. Installation was done with python setup.py install
inside the virtual environment, and I used the following command (sensitive info replaced):
ldapdomaindump -u 'redacted.com\username' -p 'password' -d redacted.com -o loot ldaps://192.168.1.123
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
Traceback (most recent call last):
File "/opt/ldapdomaindump/bin/ldapdomaindump", line 4, in <module>
__import__('pkg_resources').run_script('ldapdomaindump==0.9.3', 'ldapdomaindump')
File "/opt/ldapdomaindump/lib/python3.10/site-packages/pkg_resources/__init__.py", line 672, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/opt/ldapdomaindump/lib/python3.10/site-packages/pkg_resources/__init__.py", line 1472, in run_script
exec(code, namespace, namespace)
File "/opt/ldapdomaindump/lib/python3.10/site-packages/ldapdomaindump-0.9.3-py3.10.egg/EGG-INFO/scripts/ldapdomaindump", line 3, in <module>
ldapdomaindump.main()
File "/opt/ldapdomaindump/lib/python3.10/site-packages/ldapdomaindump-0.9.3-py3.10.egg/ldapdomaindump/__init__.py", line 946, in main
dd.domainDump()
File "/opt/ldapdomaindump/lib/python3.10/site-packages/ldapdomaindump-0.9.3-py3.10.egg/ldapdomaindump/__init__.py", line 424, in domainDump
rw.generateUsersReport(self)
File "/opt/ldapdomaindump/lib/python3.10/site-packages/ldapdomaindump-0.9.3-py3.10.egg/ldapdomaindump/__init__.py", line 793, in generateUsersReport
html = self.generateHtmlTable(dd.users, self.userattributes, 'Domain users')
File "/opt/ldapdomaindump/lib/python3.10/site-packages/ldapdomaindump-0.9.3-py3.10.egg/ldapdomaindump/__init__.py", line 521, in generateHtmlTable
of.append('<td>%s</td>' % self.formatAttribute(li[att], liIsGroup))
File "/opt/ldapdomaindump/lib/python3.10/site-packages/ldapdomaindump-0.9.3-py3.10.egg/ldapdomaindump/__init__.py", line 644, in formatAttribute
return self.htmlescape(self.formatString(att.value))
File "/opt/ldapdomaindump/lib/python3.10/site-packages/ldapdomaindump-0.9.3-py3.10.egg/ldapdomaindump/__init__.py", line 449, in htmlescape
return (html.replace("&", "&").replace("<", "<").replace(">", ">").replace("'", "'").replace('"', """))
AttributeError: 'list' object has no attribute 'replace'
Also tried with Python 3.9 and get the same error.
However, running the command on the latest Kali system installed ldapdomaindump shows the following, different error:
Thanks
First of all thanks for the nice project. Would it be possible to implement some regular "disk flushes"? I tried to dump a slightly large AD today and - even with the -m
option enabled - easily exhausted the 12GB RAM in my VM. Writing information to disk and clearing internal data structures from time to time will probably drastically reduce the memory consumption.
Readme.md specifies that the only dependencies required are ldap3
and dnspython
.
You need to include the future
package as well. It is correct in setup.py but not the readme.md file. If you could please update that'd be great.
Hi, I get the following exception when using the tool:
[*] Connecting as anonymous user, dumping will probably fail. Consider specifying a username/password to login with [*] Connecting to host... [*] Binding to host [+] Bind OK [*] Starting domain dump Traceback (most recent call last): File "ldapdomaindump.py", line 3, in <module> ldapdomaindump.main() File "/root/Downloads/ldapdomaindump/ldapdomaindump/__init__.py", line 944, in main dd.domainDump() File "/root/Downloads/ldapdomaindump/ldapdomaindump/__init__.py", line 422, in domainDump rw.generateUsersReport(self) File "/root/Downloads/ldapdomaindump/ldapdomaindump/__init__.py", line 789, in generateUsersReport dd.mapGroupsIdsToDns() File "/root/Downloads/ldapdomaindump/ldapdomaindump/__init__.py", line 350, in mapGroupsIdsToDns gid = int(group.objectSid.value.split('-')[-1]) TypeError: a bytes-like object is required, not 'str'
The value where the exception is raised is the following:
[*] Connecting as anonymous user, dumping will probably fail. Consider specifying a username/password to login with [*] Connecting to host... [*] Binding to host [+] Bind OK [*] Starting domain dump group: DN: CN=test,OU=Security Groups,DC=htb,DC=local - STATUS: Read - READ TIME: 2020-02-06T06:24:31.554167 cn: test dSCorePropagationData: 20200206113115.0Z 20200206113115.0Z 20200206113115.0Z 20200206113115.0Z 16010101000000.0Z distinguishedName: CN=test,OU=Security Groups,DC=htb,DC=local groupType: -2147483646 instanceType: 4 name: test objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=htb,DC=local objectClass: top group objectGUID: b'c\x8fp\x02\xfc\x84\x8bN\xa3\xf5\xc9Ec\x15\xdat' objectSid: b'\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00,\x1e%\xb7\x15u\xb2\x15\xc5\xb0\xf3O\xed\x13\x00\x00' sAMAccountName: test sAMAccountType: 268435456
Tried with the following versions:
LDAP Version: 2.5.1-0kali1
ldapdomaindump: 0.9.1-0kali2 (preinstalled) and 0.9.2 (from GIT)
Hi,
Microsoft establishes that the trustType attribute contains one of the following values:
But using the latest stable version of ldapdomaindump I'm getting two values at least:
Thanks for your support
Just tried ldapdomaindump and getting this error. I have tried it with and without --minimal and other options.
(I replaced real data here with generic)
ldapdomaindump -u domain\user -p "password" --minimal (IP of AD)
[] Connecting to host...
[] Binding to host
[+] Bind OK
[*] Starting domain dump
Traceback (most recent call last):
File "/usr/local/bin/ldapdomaindump", line 4, in
import('pkg_resources').run_script('ldapdomaindump==0.9.1', 'ldapdomaindump')
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/init.py", line 750, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/local/lib/python2.7/dist-packages/pkg_resources/init.py", line 1527, in run_script
exec(code, namespace, namespace)
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump-0.9.1-py2.7.egg/EGG-INFO/scripts/ldapdomaindump", line 3, in
ldapdomaindump.main()
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump-0.9.1-py2.7.egg/ldapdomaindump/init.py", line 922, in main
dd.domainDump()
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump-0.9.1-py2.7.egg/ldapdomaindump/init.py", line 414, in domainDump
rw.generateUsersReport(self)
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump-0.9.1-py2.7.egg/ldapdomaindump/init.py", line 769, in generateUsersReport
html = self.generateHtmlTable(dd.users, self.userattributes, 'Domain users')
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump-0.9.1-py2.7.egg/ldapdomaindump/init.py", line 503, in generateHtmlTable
of.append('%s' % self.formatAttribute(li[att], liIsGroup))
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump-0.9.1-py2.7.egg/ldapdomaindump/init.py", line 597, in formatAttribute
return self.formatGroupsHtml([self.dd.groups_dnmap[att.value]])
KeyError: 1040
Can someone shed some light what is causing the error below? Appreciate any help!
[] Connecting to host...
[] Binding to host
Traceback (most recent call last):
File "/usr/local/bin/ldapdomaindump", line 3, in
ldapdomaindump.main()
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump/init.py", line 940, in main
if not c.bind():
File "/usr/local/lib/python2.7/dist-packages/ldap3/core/connection.py", line 563, in bind
response = self.do_ntlm_bind(controls)
File "/usr/local/lib/python2.7/dist-packages/ldap3/core/connection.py", line 1302, in do_ntlm_bind
request = bind_operation(self.version, 'SICILY_RESPONSE_NTLM', ntlm_client, result['server_creds'])
File "/usr/local/lib/python2.7/dist-packages/ldap3/operation/bind.py", line 81, in bind_operation
server_creds = name.create_authenticate_message()
File "/usr/local/lib/python2.7/dist-packages/ldap3/utils/ntlm.py", line 379, in create_authenticate_message
nt_challenge_response = self.compute_nt_response()
File "/usr/local/lib/python2.7/dist-packages/ldap3/utils/ntlm.py", line 485, in compute_nt_response
response_key_nt = self.ntowf_v2()
File "/usr/local/lib/python2.7/dist-packages/ldap3/utils/ntlm.py", line 496, in ntowf_v2
password_digest = hashlib.new('MD4', self._password.encode('utf-16-le')).digest()
File "/usr/lib/python2.7/hashlib.py", line 116, in __py_new
return __get_builtin_constructor(name)(string)
File "/usr/lib/python2.7/hashlib.py", line 97, in __get_builtin_constructor
raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type MD4
Trying to install from the latest commit using:
python setup.py install
Results in:
running install
running bdist_egg
running egg_info
writing ldapdomaindump.egg-info/PKG-INFO
writing dependency_links to ldapdomaindump.egg-info/dependency_links.txt
writing requirements to ldapdomaindump.egg-info/requires.txt
writing top-level names to ldapdomaindump.egg-info/top_level.txt
reading manifest file 'ldapdomaindump.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'ldapdomaindump.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_py
installing scripts to build/bdist.linux-x86_64/egg/EGG-INFO/scripts
running install_scripts
running build_scripts
error: file '/root/tools/ldapdomaindump/bin/ldd2pretty' does not exist
It looks like ldd2pretty hasn't yet been added to bin
python3 ldapdomaindump.py ldap://10.10.73.150
[] Connecting as anonymous user, dumping will probably fail. Consider specifying a username/password to login with
[] Connecting to host...
[] Binding to host
[+] Bind OK
[] Starting domain dump
Traceback (most recent call last):
File "/home/kali/tools/ldap/ldapdomaindump/ldapdomaindump.py", line 3, in
ldapdomaindump.main()
File "/home/kali/tools/ldap/ldapdomaindump/ldapdomaindump/init.py", line 956, in main
dd.domainDump()
File "/home/kali/tools/ldap/ldapdomaindump/ldapdomaindump/init.py", line 418, in domainDump
rw.generateUsersReport(self)
File "/home/kali/tools/ldap/ldapdomaindump/ldapdomaindump/init.py", line 801, in generateUsersReport
dd.mapGroupsIdsToDns()
File "/home/kali/tools/ldap/ldapdomaindump/ldapdomaindump/init.py", line 346, in mapGroupsIdsToDns
gid = int(group.objectSid.value.split('-')[-1])
TypeError: a bytes-like object is required, not 'str'
Hello,
I tried to use the tool on an assesment and I got the following error :
[*] Connecting to host...
[*] Binding to host
[+] Bind OK
[*] Starting domain dump
Traceback (most recent call last):
File "/usr/local/bin/ldapdomaindump", line 3, in <module>
ldapdomaindump.main()
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump/__init__.py", line 895, in main
dd.domainDump()
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump/__init__.py", line 407, in domainDump
self.policy = self.getDomainPolicy()
File "/usr/local/lib/python2.7/dist-packages/ldapdomaindump/__init__.py", line 250, in getDomainPolicy
self.connection.search(self.root, '(objectClass=domain)', attributes=ldap3.ALL_ATTRIBUTES)
File "/usr/local/lib/python2.7/dist-packages/ldap3/core/connection.py", line 788, in search
response = self.post_send_search(self.send('searchRequest', request, controls))
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/sync.py", line 139, in post_send_search
responses, result = self.get_response(message_id)
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/base.py", line 325, in get_response
responses = self._get_response(message_id)
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/sync.py", line 165, in _get_response
dict_response = self.decode_response_fast(ldap_resp)
File "/usr/local/lib/python2.7/dist-packages/ldap3/strategy/base.py", line 509, in decode_response_fast
result = search_result_entry_response_to_dict_fast(ldap_message['payload'], self.connection.server.schema, self.connection.server.custom_formatter, self.connection.check_names)
File "/usr/local/lib/python2.7/dist-packages/ldap3/operation/search.py", line 568, in search_result_entry_response_to_dict_fast
entry_dict['attributes'] = checked_attributes_to_dict_fast(response[1][3], schema, custom_formatter) # attributes
File "/usr/local/lib/python2.7/dist-packages/ldap3/operation/search.py", line 453, in checked_attributes_to_dict_fast
checked_attributes[name] = format_attribute_values(schema, name, decode_raw_vals_fast(attribute[3][1][3]) or [], custom_formatter)
File "/usr/local/lib/python2.7/dist-packages/ldap3/protocol/formatters/standard.py", line 213, in format_attribute_values
formatted_values = [formatter(raw_value) for raw_value in values] # executes formatter
File "/usr/local/lib/python2.7/dist-packages/ldap3/protocol/formatters/formatters.py", line 337, in format_ad_timedelta
return format_ad_timestamp(raw_value * -1) - format_ad_timestamp(0)
TypeError: unsupported operand type(s) for -: 'str' and 'datetime.datetime'
The command I used : ldapdomaindump -u "frenchcompany\administrateur" -p aad3b435b51404eeaad3b435b51404ee:0000000000theNThash0000000000000 -o ldap-dump 192.168.1.1 -m
I have no clue where it could be from :(. I get the same behavior with or without the -m
option.
Did someone saw this error already ?
Do you still need to depend on future library? Do you still need to support Python 2? future will no longer work with Python 3.12 because imp module has been removed from stdlib and the situation will be even worse with 3.13 because the lib2to3 which is the core of the future will be removed from stdlib as well.
It should be simple to remove the dependency on future, it's a good idea to do it, and I can help you with that if you want to.
Look into ways to visualize complex group structures, maybe with a separate utility or with a command line client to just get all memberships of a useraccount
] Connecting as anonymous user, dumping will probably fail. Consider specifying a username/password to login with
[] Connecting to host...
[] Binding to host
[+] Bind OK
[] Starting domain dump
Traceback (most recent call last):
File "/usr/lib/python2.7/runpy.py", line 174, in _run_module_as_main
"main", fname, loader, pkg_name)
File "/usr/lib/python2.7/runpy.py", line 72, in _run_code
exec code in run_globals
File "/opt/scripts/ldapdomaindump/ldapdomaindump/main.py", line 3, in
ldapdomaindump.main()
File "ldapdomaindump/init.py", line 944, in main
dd.domainDump()
File "ldapdomaindump/init.py", line 425, in domainDump
rw.generatePolicyReport(self)
File "ldapdomaindump/init.py", line 827, in generatePolicyReport
html = self.generateHtmlTable(dd.policy, self.policyattributes, 'Domain policy')
File "ldapdomaindump/init.py", line 519, in generateHtmlTable
of.append('%s' % self.formatAttribute(li[att], liIsGroup))
File "ldapdomaindump/init.py", line 635, in formatAttribute
return '%.1f minutes' % self.nsToMinutes(att.value)
File "ldapdomaindump/init.py", line 468, in nsToMinutes
return abs(length) * .0000001 / 60
TypeError: bad operand type for abs(): 'unicode'
It seems there are some new exceptions in ldap3 v2 which aren't caught. Should test all functionality and corner cases again.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.