Open ucdraymond opened 5 years ago
Is this still an issue? We've made several changes to the LDAP enumeration logic.
I'll check tomorrow.
Op do 11 jul. 2019 om 16:49 schreef Rohan Vazarkar <notifications@github.com
Is this still an issue? We've made several changes to the LDAP enumeration logic.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/BloodHoundAD/SharpHound/issues/67?email_source=notifications&email_token=ALX6CLGG4GD6545AI6XQASTP65B7XA5CNFSM4HDSUIXKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZW6INI#issuecomment-510518325, or mute the thread https://github.com/notifications/unsubscribe-auth/ALX6CLACX2N33OVJX3TVMC3P65B7XANCNFSM4HDSUIXA .
The suspense...
I seem to run in a loop if I use sharphound (any version, any syntax).
Doesn't really matter which syntax I use, I always get the LDAPMessage when I sniff the LDAP traffic with Wireshark:
Expert Info (Warning/Malformed): BER Error: Sequence expected but class:UNIVERSAL(0) primitive tag:5 was unexpected
SharpHound.exe --debug -v Debug Mode activated! Initializing BloodHound at 2:18 PM on 4/4/2019 Found usable Domain Controller for somedomain.net : ADSERVER.somedomain.net Resolved Collection Methods to Group, LocalAdmin, Session, Trusts, RDP, DCOM Starting Enumeration for csmglobal.net Debug: Creating connection Debug: Getting search request Debug: Creating page control Debug: Starting loop
After the loop I see several minutes of timeout and after this very limited LDAP traffic.