AlmondOffSec / PassTheCert

Proof-of-Concept tool to authenticate to an LDAP/S server with a certificate through Schannel
Apache License 2.0

LDAP server is Unavailable #9

Closed secziko closed 1 year ago

secziko commented 1 year ago

I found that most of the old reported issues have the same title! I'm wondering why this happened.

I scanned all domain controllers and found that they all have ports 389 and 636 open.

I started the command using the following:

passthecert.exe --server dc.contoso.local --cert-path file.pfx --whoami --start-tls

Then the usual error appears! I wrote a simple app to test the LDAP connection on port 389 and it was working. When I tried to debug the PassTheCert application, I found that the error happened when the whoami command is sent, in line 242.

Any suggestions on this?

ThePirateWhoSmellsOfSunflowers commented 1 year ago

Hello,

I don't know why, but SChannel authentication seems to randomly throw this error. As you can see in the following example, I successfully managed to reproduce the error once, and after that it worked :shrug:

PS C:\Users\x\Downloads> .\PassTheCert.exe --server dc02.domain.org --cert-path .\user.pfx --whoami

Unhandled Exception: System.DirectoryServices.Protocols.LdapException: The LDAP server is unavailable.
   at System.DirectoryServices.Protocols.LdapConnection.Connect()
   at System.DirectoryServices.Protocols.LdapConnection.SendRequestHelper(DirectoryRequest request, Int32& messageID)
   at System.DirectoryServices.Protocols.LdapConnection.SendRequest(DirectoryRequest request, TimeSpan requestTimeout)
   at PassTheCert.Program.Whoami(LdapConnection connection)
   at PassTheCert.Program.Main(String[] args)
PS C:\Users\x\Downloads>
PS C:\Users\x\Downloads> # wait like 10 sec
PS C:\Users\x\Downloads>
PS C:\Users\x\Downloads> .\PassTheCert.exe --server dc02.domain.org --cert-path .\user.pfx --whoami --start-tls
Querying LDAP As : u:DOMAIN\user
PS C:\Users\x\Downloads> .\PassTheCert.exe --server dc02.domain.org --cert-path .\user.pfx --whoami
Querying LDAP As : u:DOMAIN\user
PS C:\Users\x\Downloads> # after that it always worked...

I suspect that the first time, the TCP connection times out because server-side API calls take too much time to authenticate the user, but the second time the user's authentication is "cached" somewhere. I also observed this behavior with passthecert.py and another project that uses SChannel.

So I suggest you try again, or try the Python version. I hope I helped you.

:sunflower:

ThePirateWhoSmellsOfSunflowers commented 1 year ago

No activity, closing now. Please re-open if needed.

:sunflower: