Problem with "FindOne" and "FindAll" functions, Invoke-ADCheckAll is not working.

[EscrVirtuoso]

Describe the bug I have some problems with FindOne and FindAll functions even if I followed every installation step properly. I'm not sure if this is a bug or just a little problem, but I'm asking some help here, maybe some people have the same problem.

To Reproduce I just installed everything in the right order, and launched the ADCheckAll command with the good options. Right after this, I had all the errors I put in screenshot. I can't have any informations about my Active Directory because of these errors.

Expected behavior I just expected the script to work as I installed everything, and checked multiple times if everything was ok. But this isn't working unfortunately.

Thank you very much for reading this ! And thank you even more if you have some informations to help me.

Screenshots

[0xJs]

Hey,If you run Powerview commands manually with a credential object, the credentials, domains and server parameters with the values it works?Those errors are from the powerview commands because it can't reach or interact with the DC.Sent from Outlook for Android

[0xJs]

And did you run it as Admin? Might be a DNS issue.Sent from Outlook for Android

[EscrVirtuoso]

Thanks for your response !

I'm running it as Admin for sure.

I will try to run Powerview commands apart, but I'm not sure of how I can do this, I am kinda new into powershell commands and things like that.

I will put some other screenshots after if it can help !

[0xJs]

Hi EscrViortuso,

Try to run a simple querry to target the users. For example

Load the PowerView Module first from the import directory of my tool:

. ./PowerView.ps1

Create a credential object with:

$Creds = Get-Credential

Then run a query:

Get-DomainUser -Domain -Server -Credential $Creds

If that gives any error there probably is a problem with the credentials or connectivity to the domain.

From: EscrVirtuoso @.> Sent: Friday, May 3, 2024 9:45 AM To: 0xJs/domain_audit @.> Cc: 0xJs @.>; Comment @.> Subject: Re: [0xJs/domain_audit] Problem with "FindOne" and "FindAll" functions, Invoke-ADCheckAll is not working. (Issue #5)

Thanks for your response !

I'm running it as Admin for sure.

I will try to run Powerview commands apart, but I'm not sure of how I can do this, I am kinda new into powershell commands and things like that.

I will put some other screenshots after if it can help !

- Reply to this email directly, view it on GitHub https://github.com/0xJs/domain_audit/issues/5#issuecomment-2092480058 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AKPTCLNFLG6YF3C53GZGTF3ZA M563AVCNFSM6AAAAABHD4AE36VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJSGQ4DA MBVHA . You are receiving this because you commented. https://github.com/notifications/beacon/AKPTCLMRWNC62AB4OZIVSWLZAM563A5CNFS M6AAAAABHD4AE36WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT 4XC3DU.gif Message ID: @. @.> >

[EscrVirtuoso]

Thanks ! I tried what you said, here is a screenshot of what I have as an error and what I did to have this error.

I also reinstalled everything properly, I don't really know what the problem is actually.

Thank you very much anyway, that's very cool to help me :)

[0xJs]

Hi,

No problem to help! I think there are connectivity issues. Are you running this in a lab?

Can you do a nmap scan of the target host and check if LDAP (port 389) is available.

From: EscrVirtuoso @.> Sent: Friday, May 3, 2024 10:11 AM To: 0xJs/domain_audit @.> Cc: 0xJs @.>; Comment @.> Subject: Re: [0xJs/domain_audit] Problem with "FindOne" and "FindAll" functions, Invoke-ADCheckAll is not working. (Issue #5)

Thanks ! I tried what you said, here is a screenshot of what I have as an error and what I did to have this error.

I also reinstalled everything properly, I don't really know what the problem is actually.

Thank you very much anyway, that's very cool to help me :)

image.png (view on web) https://github.com/0xJs/domain_audit/assets/168753295/8350d0cd-4e7e-4ad3-82 5a-c072005fa2da

- Reply to this email directly, view it on GitHub https://github.com/0xJs/domain_audit/issues/5#issuecomment-2092523607 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AKPTCLI6UBIHNPMJERY3B5LZA NBCVAVCNFSM6AAAAABHD4AE36VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAOJSGUZDG NRQG4 . You are receiving this because you commented. https://github.com/notifications/beacon/AKPTCLPF6ZOIZMCVM33RQPTZANBCVA5CNFS M6AAAAABHD4AE36WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT 4XFQFO.gif Message ID: @. @.> >

[EscrVirtuoso]

I found the problem ! Thank you very much for your help.

I had a problem with the name of the Active Directory domain, that's why it was not working !

I still have some errors at the end of the check scan, I will send you screenshots when I can, but that's maybe just some errors with no impact, as the script is now working well !

Thank you very much for your work and your help !

[EscrVirtuoso]

Hello again ! I'm so sorry to send you a message !!

I have errors during the scan with a module named imp and cme with crackmapexec.

Here are my errors :

Do you have an idea on how to resolve this ?

Thank you very much for your work !

[0xJs]

Hey,Probably because Windows Defender deleted some files from crackmapexec. Completely disable defender forever through local group policies or allow list the user directory with the .shiv directory.Then reinstall and get crackmapexec working individually before running domain audit. You can test the commandPython pathtocme smb IP -u user -p password On my phone atm so can't be more specificSent from Outlook for AndroidFrom: EscrVirtuoso @.>Sent: Tuesday, May 28, 2024 3:00:19 pmTo: 0xJs/domain_audit @.>Cc: 0xJs @.>; Comment @.>Subject: Re: [0xJs/domain_audit] Problem with "FindOne" and "FindAll" functions, Invoke-ADCheckAll is not working. (Issue #5) Hello again ! I'm so sorry to send you a message !! I have errors during the scan with a module named imp and cme with crackmapexec. Here are my errors : image.png (view on web) Do you have an idea on how to resolve this ? Thank you very much for your work !

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: @.***>

[EscrVirtuoso]

Thanks for your response !

I tried to disable windows defender but I have the same error for the moment.

When I'm using crackmapexec only it seems to work, here is a screenshot :

I will try to see what this .shiv directory is and how can I change it to make the tool work.

Have a nice day and thank you very much :)

[0xJs]

Yeah cme is working fine it seems. You still get the same error when running the domain audit tool?It is complaining about packages. Remove the directory and rerun crackmapexec it should recreate that .shiv directory and files.Sent from Outlook for AndroidFrom: EscrVirtuoso @.>Sent: Wednesday, May 29, 2024 5:25:43 pmTo: 0xJs/domain_audit @.>Cc: 0xJs @.>; Comment @.>Subject: Re: [0xJs/domain_audit] Problem with "FindOne" and "FindAll" functions, Invoke-ADCheckAll is not working. (Issue #5) Thanks for your response ! I tried to disable windows defender but I have the same error for the moment. When I'm using crackmapexec only it seems to work, here is a screenshot : image.png (view on web) I will try to see what this .shiv directory is and how can I change it to make the tool work. Have a nice day and thank you very much :)

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: @.***>

[EscrVirtuoso]

Well, even when I try to remove the .shiv directory and then run the cme alone there's no problem, but once again when using the tool I have the same error. I don't really understand what is the problem, it is kinda strange.

I don't know if it is normal too, but I have a directory .cme which contains some other directories which seems empty (for example the folder module)

And here is my .shiv folder :

With a lot of other folders in the site-packages like this :

Does everything seems normal and good ?

[0xJs]

Sorry no clue either from looking at the screenshots :( troubleshooting is a bitch. Will try it out next week if it still works for me.You can try to look up the command it's trying to run and run it manually. Can't really see it in the screenshot. But you can open the script and search for the module that is running crackmapexec.Sent from Outlook for AndroidFrom: EscrVirtuoso @.>Sent: Wednesday, May 29, 2024 6:46:36 pmTo: 0xJs/domain_audit @.>Cc: 0xJs @.>; Comment @.>Subject: Re: [0xJs/domain_audit] Problem with "FindOne" and "FindAll" functions, Invoke-ADCheckAll is not working. (Issue #5) Well, even when I try to remove the .shiv directory and then run the cme alone there's no problem, but once again when using the tool I have the same error. I don't really understand what is the problem, it is kinda strange. I don't know if it is normal too, but I have a directory .cme which contains some other directories which seems empty (for example the folder module) image.png (view on web) And here is my .shiv folder : image.png (view on web) With a lot of other folders in the site-packages like this : image.png (view on web) Does everything seems normal and good ?

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you commented.Message ID: @.***>

[EscrVirtuoso]

Hello again ! I find a solution to the problem when I checked all my files once again. I had a problem with some python versions which were not the good ones and those versions were used by your tool, it caused a lot of problems :/

Well, now it seems to work, but I have just one more question. The step "Checking for access over RDP" isn't completing, it seems to be locked or bugged I don't know, but maybe it is just taking a long time to complete ?

Here is a screenshot :

I really want to thank you for your help, I learned a lot of things and it's very nice of you :D

[0xJs]

Glad that you were able to fix it!

Yeah the CME part is hanging a lot, you might need to enter or to wait. It is probing every system through port 3389 with cme. Cme rdp -u -p .

Should probably replace it with netexec (which my friend did and made a pull request) but haven't been able to test it in my lab yet. Busy with other things.

From: EscrVirtuoso @.> Sent: Thursday, May 30, 2024 14:35 To: 0xJs/domain_audit @.> Cc: 0xJs @.>; Comment @.> Subject: Re: [0xJs/domain_audit] Problem with "FindOne" and "FindAll" functions, Invoke-ADCheckAll is not working. (Issue #5)

Hello again ! I find a solution to the problem when I checked all my files once again. I had a problem with some python versions which were not the good ones and those versions were used by your tool, it caused a lot of problems :/

Well, now it seems to work, but I have just one more question. The step "Checking for access over RDP" isn't completing, it seems to be locked or bugged I don't know, but maybe it is just taking a long time to complete ?

Here is a screenshot :

image.png (view on web) https://github.com/0xJs/domain_audit/assets/168753295/b6d987bf-852b-4ec5-88 51-b9d9d7fa99d6

I really want to thank you for your help, I learned a lot of things and it's very nice of you :D

- Reply to this email directly, view it on GitHub https://github.com/0xJs/domain_audit/issues/5#issuecomment-2139458945 , or unsubscribe https://github.com/notifications/unsubscribe-auth/AKPTCLLSYLNGITGINQFJ6KLZE 4MG7AVCNFSM6AAAAABHD4AE36VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCMZZGQ2TQ OJUGU . You are receiving this because you commented. https://github.com/notifications/beacon/AKPTCLJFWONEC7DYPJ2JRSLZE4MG7A5CNFS M6AAAAABHD4AE36WGG33NNVSW45C7OR4XAZNMJFZXG5LFINXW23LFNZ2KUY3PNVWWK3TUL5UWJTT 7QWGYC.gif Message ID: @. @.> >