
[ntlmrelayx] Dump ADCS: bug fixes

Open SAERXCIT opened this issue 2 years ago • 0 comments

Hi!

This commit fixes 2 issues with the LDAP attack dumping ADCS info.

  1. For some reason unknown to me, some ACEs can have neither a valid ObjectType nor InheritedObjectType. The current check will try to parse InheritedObjectType if ObjectType is empty, resulting in an error as InheritedObjectType will also be empty. The right way to check this seems to be checking the Flags field: a value of 0 indicates neither of these fields is valid, and the ACE can be ignored.
  2. If a SID cannot be translated, the self.client.response object will still contain some information (but not the expected result object), and as such the len(self.client.response) will not be empty, resulting in an error when trying to access self.client.response[0]["attributes"]. I am replacing this check with the self.client.entries object, which will behave as wanted.

Thanks!

SAERXCIT, May 10 '22 08:05
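An added example (not impacket's code and not part of this pull request): a minimal parser for an ACCESS_ALLOWED_OBJECT_ACE, following the MS-DTYP layout, that lets the Flags field decide which GUID fields exist and returns None when Flags is 0, as item 1 describes. The function names, the sample SID and the two GUIDs are constructed for illustration.

```python
import struct
import uuid

# Values from MS-DTYP (ACE_HEADER and ACCESS_ALLOWED_OBJECT_ACE)
ACCESS_ALLOWED_OBJECT_ACE_TYPE = 0x05
ACE_OBJECT_TYPE_PRESENT = 0x1
ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x2
GUID_FIELDS = ((ACE_OBJECT_TYPE_PRESENT, "object_type"),
               (ACE_INHERITED_OBJECT_TYPE_PRESENT, "inherited_object_type"))

# Constructed sample data: S-1-5-11 in binary form and two made-up GUIDs
SAMPLE_SID = bytes.fromhex("01010000000000050b000000")
GUID_A = "11111111-2222-3333-4444-555555555555"
GUID_B = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

def parse_object_ace(raw):
    """Parse one object ACE; return None when Flags == 0 (no GUID to match)."""
    ace_type, _ace_flags, ace_size = struct.unpack_from("<BBH", raw, 0)
    if ace_type != ACCESS_ALLOWED_OBJECT_ACE_TYPE or ace_size > len(raw):
        raise ValueError("not a complete ACCESS_ALLOWED_OBJECT_ACE")
    mask, flags = struct.unpack_from("<II", raw, 4)
    if flags == 0:
        return None  # neither ObjectType nor InheritedObjectType is present
    offset, ace = 12, {"mask": mask, "flags": flags}
    for bit, name in GUID_FIELDS:  # fields appear in this order, only if flagged
        if flags & bit:
            if offset + 16 > ace_size:
                raise ValueError("ACE truncated inside a GUID field")
            ace[name] = str(uuid.UUID(bytes_le=raw[offset:offset + 16]))
            offset += 16
    ace["sid"] = raw[offset:ace_size]
    return ace

def build_sample_ace(flags, *guids):
    """Build a constructed ACE for the demo (hypothetical helper)."""
    body = struct.pack("<II", 0x100, flags)  # 0x100 = ADS_RIGHT_DS_CONTROL_ACCESS
    body += b"".join(uuid.UUID(g).bytes_le for g in guids) + SAMPLE_SID
    return struct.pack("<BBH", ACCESS_ALLOWED_OBJECT_ACE_TYPE, 0, 4 + len(body)) + body

if __name__ == "__main__":
    samples = [build_sample_ace(0x1, GUID_A), build_sample_ace(0x2, GUID_B),
               build_sample_ace(0x3, GUID_A, GUID_B), build_sample_ace(0x0)]
    for raw in samples:
        print(parse_object_ace(raw))
```

A caller iterating a DACL can skip any ACE for which the function returns None instead of attempting to read a GUID that is not there.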