BloodHound.py

Added LDAP Channel Binding Support

Open deadjakk opened this issue 2 years ago • 1 comments

  1. Added LDAP channel binding
  2. Set the default protocol in domain.py to match that of authentication.py
  3. Removed a line in authentication.py that recreates the conn variable before binding which seemed unnecessary

Once added, I was able to fully enumerate a domain with LDAP channel signing enforced as intended. Maybe double check the removal of line 107 of bloodhound/ad/authentication.py where I got rid of the "additional" conn variable creation. It seemed redundant, but you be the judge. If it needs to stay, then the LDAP channel binding arg needs to be passed there as well.

deadjakk avatar Nov 17 '23 02:11 deadjakk

I merged this manually and it solved my problem. Can we get this into the main line?

canastasio avatar Jul 16 '24 02:07 canastasio

Yes, worked for me as well, but needed a small fix for Kerberos authentication: https://github.com/deadjakk/BloodHound.py/pull/1

lefayjey avatar Nov 11 '24 11:11 lefayjey

@deadjakk this is badass. Thanks for this 👍

mubix avatar Dec 17 '24 16:12 mubix

Hey, due to diverging changes I have merged this in manually, with some fixes. Channel binding is now supported with both NTLM and Kerberos. Thanks for the contribution!

dirkjanm avatar Jan 02 '25 14:01 dirkjanm
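
As background for the feature discussed in this thread, the following added example (not code from the pull request or from BloodHound.py) computes the RFC 5929 `tls-server-end-point` channel binding token, the 16-byte value an NTLM client places in the MsvAvChannelBindings AV pair, and models why a server that enforces channel binding rejects a bind made over a TLS session that ended on a different certificate. The certificate bytes, the function names and the simplified `server_accepts` comparison are assumptions for illustration.

```python
import hashlib
import hmac
import struct

# RFC 5929 channel-binding type prefix for "tls-server-end-point".
PREFIX = b"tls-server-end-point:"

def endpoint_hash(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """Hash the server's DER certificate per RFC 5929 section 4.1.

    sig_hash is the hash used by the certificate's signature algorithm;
    MD5 and SHA-1 are replaced by SHA-256, anything else is used as is.
    """
    name = sig_hash.lower().replace("-", "")
    if name in ("md5", "sha1"):
        name = "sha256"
    return hashlib.new(name, cert_der).digest()

def channel_binding_token(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """MD5 over a gss_channel_bindings_struct carrying only application data."""
    app_data = PREFIX + endpoint_hash(cert_der, sig_hash)
    # Initiator/acceptor address type and length fields are zero (4 x uint32).
    bindings = b"\x00" * 16 + struct.pack("<I", len(app_data)) + app_data
    return hashlib.md5(bindings).digest()

def server_accepts(client_cbt: bytes, server_cert_der: bytes,
                   sig_hash: str = "sha256") -> bool:
    """Simplified server check: the client's token must match the token
    derived from the certificate the server itself presented."""
    expected = channel_binding_token(server_cert_der, sig_hash)
    return hmac.compare_digest(client_cbt, expected)

# Constructed stand-ins for DER certificates (not real certificates).
DC_CERT = b"constructed-der-bytes-of-domain-controller-cert"
OTHER_CERT = b"constructed-der-bytes-of-a-different-tls-endpoint"

if __name__ == "__main__":
    direct = channel_binding_token(DC_CERT)
    print("direct TLS session accepted:", server_accepts(direct, DC_CERT))
    # A client whose TLS session ended on a different certificate derives a
    # different token, so the domain controller refuses the bind.
    mismatched = channel_binding_token(OTHER_CERT)
    print("mismatched endpoint accepted:", server_accepts(mismatched, DC_CERT))
```

In the real protocol the token travels inside the integrity-protected authentication message rather than being compared on its own, so it cannot be swapped in transit without invalidating the authentication.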