pre2k

Unauth samaccountname string length problem

Open garrettfoster13 opened this issue 1 year ago • 3 comments

Unauth is failing to properly parse input files to the correct samaccountname string length and associated password. It is stripping the last two characters as expected but not accounting for the length limit for the attribute.

garrettfoster13 avatar Jun 27 '24 21:06 garrettfoster13

Had this same issue pop up today; tho it doesn't appear to always occur on my engagements.

Simple adjustment got me past this hurdle. Not sure if a PR would break other cases; but noting the patch here just in case others come across this.

def parse_input(inputfile, args):
    creds = []
    with open (inputfile) as f:
        y = f.read().split("\n")
        for i in y:
            if len(i) >= 16:
                # if accountname is 15 chars or more pw is first 14
                credentials = i + ":" + i.lower()[:-1]
            else:
                credentials = i + ":" + i.lower()
            creds.append(credentials)
        pw_spray(creds, args)

W9HAX avatar Feb 03 '25 19:02 W9HAX

Yeah I think I've done similar. What I need to do is do some string formatting to do a few things:

  1. make sure the string ends with $
  2. Make sure the hostname value is only 15 chars + the $
  3. Then .lower() the hostname value -1 char while respecting hostname values that aren't that length

TBH I just haven't gotten around to it as it seems when you're using it for that behavior it's usually a generated wordlist rather than something like an ldapdomaindump or a null session dump.

Was your situation like that, @W9HAX?

garrettfoster13 avatar Feb 03 '25 22:02 garrettfoster13

Ah yes; this makes total sense. I just fed it a list of parsed A records from a DNS zone transfer and sprayed. Totally forgot to format with the MACHINE$ account name. Great stuff; all good!

W9HAX avatar Feb 03 '25 22:02 W9HAX