CroweCybersecurity / ad-ldap-enum

An LDAP based Active Directory user and group enumeration tool
MIT License
302 stars 68 forks

Null Password and NTLM Hash #31

Open Zamanry opened 1 year ago

Zamanry commented 1 year ago

On the HackTheBox machine Escape, the guest user was enabled on a DC. I attempted to authenticate using the password '' but the tool refused to accept it as a valid parameter value. Even when I used the prompt parameter, the issue arose.

Additionally, I attempted to use PassTheHash via the null NTLM hash, 31d6cfe0d16ae931b73c59d7e0c089c0, but the DC responded "incorrect password".

We need to figure out the null password (could be checking if variable exists vs. null). We also need to figure out why PassTheHash seems to not be accepted sometimes.
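
The "exists vs. null" hypothesis from the comment above, as an added sketch that is not ad-ldap-enum's or ldap3's code: the flag names, function names and the `ask` stand-in for a password prompt are all hypothetical. It shows how a truthiness check rejects an explicitly empty password, both from the flag and from the prompt, while an `is None` check accepts it.

```python
import argparse

MISSING = "no password supplied"

def build_parser():
    # Hypothetical flags for this sketch, not the tool's real interface.
    p = argparse.ArgumentParser(prog="ldap-cli-sketch")
    p.add_argument("-u", "--username", required=True)
    p.add_argument("-p", "--password", default=None)  # None = flag absent
    p.add_argument("-P", "--prompt", action="store_true")
    return p

def resolve_truthy(args, ask):
    # Suspected pattern: '' is falsy, so an explicit empty password
    # is indistinguishable from "flag not given".
    password = args.password
    if not password and args.prompt:
        password = ask()
    if not password:
        raise ValueError(MISSING)
    return password

def resolve_explicit(args, ask):
    # Corrected pattern: only None means "not supplied"; '' is a value.
    password = args.password
    if password is None and args.prompt:
        password = ask()
    if password is None:
        raise ValueError(MISSING)
    return password

def outcome(resolver, argv, ask=lambda: ""):
    # `ask` stands in for getpass.getpass(); the default models a user
    # pressing Enter at the prompt (empty password).
    args = build_parser().parse_args(argv)
    try:
        return ("ok", resolver(args, ask))
    except ValueError as exc:
        return ("rejected", str(exc))

if __name__ == "__main__":
    # Constructed command lines for the demo.
    for argv in (["-u", "guest", "-p", ""], ["-u", "guest", "-P"], ["-u", "guest"]):
        print(argv, outcome(resolve_truthy, argv), outcome(resolve_explicit, argv))
```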

Zamanry commented 1 year ago

Root cause issue likely: https://github.com/cannatag/ldap3/pull/1080