redsnarf
Password Input Special Characters
RedSnarf fails to connect and execute the proper query if the password follows a complex password policy with special characters.
../redsnarf.py -H ip=10.0.0.101 -u admwiz32 -p q1w2e3R$T%Y^ -d lab.local -cQ y
Password Input Solution
In order to specify a complex password with special characters, the password must be added inside single quotes. This seems to work, but then it fails to perform a simple query to retrieve whether the user belongs to a specific group or not.
The problem is due to the fact that winexe breaks and cannot parse the password with the special characters.
../redsnarf.py -H ip=10.0.0.101 -u admwiz32 -p 'q1w2e3R$T%Y^' -d lab.local -cQ y
This can also be validated by running the command directly with winexe, where it fails.
/usr/bin/pth-winexe -U 'lab.local\admwiz32%q1w2e3R$T%Y^' --uninstall --system \/\/10.0.0.101 'net group "Domain Admins" /domain' 2>/dev/null
Winexe proper input manipulation
A solution is to make winexe parse our valid credentials properly. Instead of double (") quotes, the corresponding lines must be changed to single (') quotes.
The same problem exists with the pth-smbclient command.
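The quoting failure described above, as an added example in Python (not redsnarf's own code; the helper names, the `hostname` remote command and the use of an argv list / `shlex.quote` are assumptions of this example and go beyond the single-quote fix the thread settled on): a double-quoted credential string lets `/bin/sh` expand `$T`, while an argv list or `shlex.quote` passes the password through verbatim, including a password that itself contains a single quote.

```python
import os
import shlex
import subprocess

# Constructed sample values, copied from the issue report above (lab only).
DOMAIN, USER, PASSWORD, HOST = "lab.local", "admwiz32", "q1w2e3R$T%Y^", "10.0.0.101"
WINEXE = "/usr/bin/pth-winexe"


def winexe_argv(domain, user, password, host, remote_cmd):
    """Preferred form: an argv list for subprocess.run(argv) with shell=False.
    No shell ever sees the password, so '$T' is neither expanded nor split."""
    cred = "%s\\%s%%%s" % (domain, user, password)
    return [WINEXE, "-U", cred, "--uninstall", "--system", "//" + host, remote_cmd]


def naive_shell_cmd(domain, user, password, host, remote_cmd):
    """The pattern the issue describes: the credential wrapped in double quotes.
    Inside double quotes /bin/sh still expands $T, so winexe receives
    'lab.local\\admwiz32%q1w2e3R%Y^' instead of the real password."""
    return '%s -U "%s\\%s%%%s" --uninstall --system //%s "%s"' % (
        WINEXE, domain, user, password, host, remote_cmd)


def safe_shell_cmd(domain, user, password, host, remote_cmd):
    """If a shell string is unavoidable, shlex.quote single-quotes each argument
    and also copes with a password containing a single quote, which a
    hand-edited '...' wrapper does not."""
    return " ".join(shlex.quote(p) for p in winexe_argv(domain, user, password, host, remote_cmd))


def shell_sees(cmd_string):
    """Have /bin/sh parse cmd_string and return the argv it would hand to winexe,
    without running winexe: the binary name is swapped for printf. T is left
    unset in the environment so the result is deterministic."""
    probe = "printf '%s\\n' " + cmd_string[len(WINEXE):]
    out = subprocess.run(["sh", "-c", probe], capture_output=True, text=True,
                         env={"PATH": os.environ.get("PATH", "/usr/bin:/bin")}, check=True)
    return out.stdout.splitlines()


if __name__ == "__main__":
    for label, fn in (("naive", naive_shell_cmd), ("safe", safe_shell_cmd)):
        argv = shell_sees(fn(DOMAIN, USER, PASSWORD, HOST, "hostname"))
        print(label, "-> credential seen by winexe:", argv[1])
    print("argv form:", winexe_argv(DOMAIN, USER, PASSWORD, HOST, "hostname"))
```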
@rmdavy I fixed both pth-winexe and pth-smbclient in the redsnarf.py file. I went line by line and made the corresponding changes. Please also validate in case I missed something.
@wizard32 it looks good so far :-) - I'm no longer with NCC so I can't pull it into the main project however I have implemented it in my own fork. Hopefully Ed will pick this up soon. There are a couple of other mods n fixes in my own fork including an installer for barebones Kali.
@rmdavy no worries, glad to help. I saw a lot of differences in your own forked repo. I will follow yours too.