certi icon indicating copy to clipboard operation
certi copied to clipboard

Published 20 hours ago verified publisher icon zer1t0

LDAPS support

Open Elan0r opened this issue 3 years ago • 2 comments

I m trying to connect to a Server which requires LDAPS with Signing and Channel Binding. There is no switch to activate it, ldap3 has the possibility to use it. here the debug output with Kerberos Ticket: python3 ./certi.py list 'domain.local/User' -k -n --dc-ip 10.1.2.3 Traceback (most recent call last): File "/opt/certi/./certi.py", line 5, in <module> certilib.main() File "/opt/certi/certilib/main.py", line 239, in main return main_list(args) File "/opt/certi/certilib/main.py", line 398, in main_list ldap_conn = connect_ldap( File "/opt/certi/certilib/ldap.py", line 43, in connect_ldap ldap_conn.kerberosLogin( File "/usr/local/lib/python3.9/dist-packages/impacket/ldap/ldap.py", line 276, in kerberosLogin raise LDAPSessionError( impacket.ldap.ldap.LDAPSessionError: Error in bindRequest -> strongerAuthRequired: 00002028: LdapErr: DSID-0C090259, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4563

here the output with NTLM Hash: raceback (most recent call last): File "/opt/certi/./certi.py", line 5, in <module> certilib.main() File "/opt/certi/certilib/main.py", line 239, in main return main_list(args) File "/opt/certi/certilib/main.py", line 398, in main_list ldap_conn = connect_ldap( File "/opt/certi/certilib/ldap.py", line 53, in connect_ldap ldap_conn.login( File "/usr/local/lib/python3.9/dist-packages/impacket/ldap/ldap.py", line 343, in login raise LDAPSessionError( impacket.ldap.ldap.LDAPSessionError: Error in bindRequest -> strongerAuthRequired: 00002028: LdapErr: DSID-0C090259, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v4563

The Auth method is not the Problem.

I'm using Kali rolling Python 3.9 impacket 0.9.24 via pip3 ldap3 2.9.1 via pip3 Target is WinSrv 2019 1809 LDAPS with Channel Binding and Signing

Elan0r avatar Dec 21 '21 09:12 Elan0r

Second that

binarytrails avatar Jul 27 '22 21:07 binarytrails

Hi, could do you check if the https://github.com/zer1t0/certi/pull/3 with LDAPS support works for you?

zer1t0 avatar Aug 30 '22 11:08 zer1t0