
Connection reset by peer when adding a DNS record with dnstool.py

Open benji1000 opened this issue 6 months ago • 6 comments

Hello,

Here is what happens when I try adding a record using dnstool.py (of course replacing the values for DOMAIN, USER, PASSWORD):

python3 /opt/krbrelayx/dnstool.py -u 'DOMAIN\USER' -p 'PASSWORD' --record 'kali' --action add --data 192.168.50.59 SRV-AD-02

[-] Connecting to host...
[-] Binding to host
[+] Bind OK
[-] Adding new record
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/sync.py", line 82, in receiving
    data = self.connection.socket.recv(self.socket_size)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
ConnectionResetError: [Errno 104] Connection reset by peer

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/krbrelayx/dnstool.py", line 610, in <module>
    main()
  File "/opt/krbrelayx/dnstool.py", line 538, in main
    c.add(record_dn, ['top', 'dnsNode'], node_data)
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 987, in add
    response = self.post_send_single_response(self.send('addRequest', request, controls))
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/sync.py", line 121, in post_send_single_response
    responses, result = self.get_response(message_id)
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/base.py", line 356, in get_response
    responses = self._get_response(message_id, timeout)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/sync.py", line 157, in _get_response
    responses = self.receiving()
                ^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/sync.py", line 92, in receiving
    raise communication_exception_factory(LDAPSocketReceiveError, type(e)(str(e)))(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketReceiveError: error receiving data: [Errno 104] Connection reset by peer

After that, I am not able to make a simple connection to the DC using cme/nxc...

It is the use of dnstool.py that creates this situation, no other tool does that. What could I provide you with to help you troubleshoot?

benji1000 avatar Feb 14 '24 10:02 benji1000

That is odd. Is this a real environment or a lab? Could you try instead to specify the hostname with an ldaps:// prefix?

dirkjanm avatar Feb 14 '24 14:02 dirkjanm

It is a real environment. I used ldaps://MACHINE-NAME and ldaps://MACHINE-NAME.DOMAIN.TLD.

Different stack trace:

[-] Connecting to host...
[-] Binding to host
Traceback (most recent call last):
  File "/opt/krbrelayx/dnstool.py", line 610, in <module>
    main()
  File "/opt/krbrelayx/dnstool.py", line 430, in main
    if not c.bind():
           ^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 589, in bind
    self.open(read_server_info=False)
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/sync.py", line 57, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/base.py", line 146, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer

The LDAPS TCP/636 port is open on the machine.

benji1000 avatar Feb 14 '24 16:02 benji1000

I have access to the environment until Friday 16th 11:00 AM UTC. Feel free to tell me if I can perform other tests!

benji1000 avatar Feb 15 '24 14:02 benji1000

Since I have never seen Windows behave this way, it sounds like some IDS/IPS/EDR product is dropping your connection. Usually using LDAP over TLS works around this, but in your environment it doesn't sound like that is working either. I don't have any ideas right now what you could try to bypass this.

dirkjanm avatar Feb 16 '24 08:02 dirkjanm
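Added example (my own code, not part of this thread and not part of krbrelayx or ldap3): a stdlib-only Python probe that brings the connection up one layer at a time, TCP connect, then the TLS handshake for 636, then a single anonymous LDAP bind, and reports the first stage at which the peer resets. The first trace above fails inside an LDAP add after a successful bind, the second fails while wrapping the socket in TLS before any LDAP bytes are sent; running the probe against both 389 and 636 tells you which layer is being rejected, which is the fact you want when correlating with the DC's event log or an inline device's logs. The hostname dc.example.lab is a placeholder, and the sample BindResponse bytes used for checking the parser are constructed by hand.

```python
import socket
import ssl


def build_anonymous_bind_request(message_id=1):
    """BER-encode an LDAPv3 anonymous simple BindRequest (RFC 4511, section 4.2).

    Layout: SEQUENCE { messageID INTEGER, [APPLICATION 0] { version 3, name "", simple "" } }.
    Short-form lengths suffice because the whole message is 14 bytes.
    """
    bind_op = bytes([0x02, 0x01, 0x03,   # version  INTEGER 3
                     0x04, 0x00,         # name     OCTET STRING ""
                     0x80, 0x00])        # simple   [0] OCTET STRING ""
    bind_req = bytes([0x60, len(bind_op)]) + bind_op   # [APPLICATION 0] BindRequest
    body = bytes([0x02, 0x01, message_id]) + bind_req  # messageID followed by the op
    return bytes([0x30, len(body)]) + body             # LDAPMessage SEQUENCE


def _read_length(buf, i):
    """Decode a BER length at buf[i]; return (length, index of first content byte)."""
    first = buf[i]
    if first < 0x80:                 # short form
        return first, i + 1
    n = first & 0x7F                 # long form: next n bytes hold the length
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n


def parse_bind_result_code(data):
    """Return resultCode from a BindResponse, or None if the bytes are not one."""
    try:
        if data[0] != 0x30:
            return None
        _, i = _read_length(data, 1)          # step into LDAPMessage
        if data[i] != 0x02:
            return None
        n, i = _read_length(data, i + 1)      # messageID INTEGER
        i += n
        if data[i] != 0x61:                   # [APPLICATION 1] BindResponse
            return None
        _, i = _read_length(data, i + 1)
        if data[i] != 0x0A:                   # resultCode ENUMERATED
            return None
        n, i = _read_length(data, i + 1)
        return int.from_bytes(data[i:i + n], "big")
    except IndexError:                        # truncated or foreign payload
        return None


def probe_ldap(host, port=389, use_tls=False, timeout=5.0):
    """Report the first stage that fails: tcp_connect -> tls_handshake -> ldap_bind.

    A reset at ldap_bind means TCP (and TLS, if used) were fine until LDAP payload
    went on the wire; a reset at tls_handshake means TLS itself is being refused
    before any LDAP traffic exists.
    """
    stage = "tcp_connect"
    sock = None
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if use_tls:
            stage = "tls_handshake"
            ctx = ssl.create_default_context()
            # Reachability check only: server identity is deliberately not verified here.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(sock, server_hostname=host)
        stage = "ldap_bind"
        sock.sendall(build_anonymous_bind_request())
        data = sock.recv(4096)
        if not data:
            return {"stage": stage, "ok": False, "error": "peer closed without a BindResponse", "result_code": None}
        return {"stage": stage, "ok": True, "error": None, "result_code": parse_bind_result_code(data)}
    except OSError as exc:  # ConnectionResetError, ssl.SSLError and timeouts are all OSError subclasses
        return {"stage": stage, "ok": False, "error": "%s: %s" % (type(exc).__name__, exc), "result_code": None}
    finally:
        if sock is not None:
            sock.close()


def explain(result):
    """One-line diagnosis of a probe result, phrased for matching against DC and network logs."""
    if result["ok"]:
        return ("LDAP layer reachable (BindResponse resultCode=%s); a later reset is operation-specific"
                % result["result_code"])
    reasons = {
        "tcp_connect": "TCP connect failed: port closed or filtered before any LDAP traffic",
        "tls_handshake": "Reset during the TLS handshake: TLS itself is refused or intercepted",
        "ldap_bind": "Reset after sending LDAP: something in the path is reacting to LDAP payloads",
    }
    return "%s (%s)" % (reasons[result["stage"]], result["error"])


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "dc.example.lab"   # placeholder hostname
    for port, tls in ((389, False), (636, True)):
        print("%s:%d -> %s" % (host, port, explain(probe_ldap(host, port, use_tls=tls))))
```

Run it as `python3 probe.py SRV-AD-02` and compare the two lines: an LDAP-layer reset on 389 together with a handshake-stage reset on 636 is the pattern in the two traces above, while a successful anonymous bind on either port would point at the specific add operation rather than the transport.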

There isn't any specific EDR on the machine, only Windows Defender. I didn't have the chance to investigate the logs, so I guess the story ends here... If I am able to gather some logs, I will post them, but I doubt it.

Thank you for your time anyway! And for the tool, which works well in other environments where I was able to use it :)

benji1000 avatar Feb 16 '24 16:02 benji1000