byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

Passwords with special characters causes the ldap-checker module to break #732

Closed Paradoxis closed 1 year ago

Paradoxis commented 1 year ago

Describe the bug

Passwords with special characters cause the ldap-checker module to break. Using the password Password?! with the ldap-checker module results in the error:

something went wrong during ldaps_withEPA bind:Port could not be cast to integer value as 'Password'

To Reproduce

$ cme ldap -u user1 -p 'Password?!' -d example.local -M ldap-checker <ip>

Bypass: Change the password to a password without special chars.

Expected behavior

The scan should work normally

Crackmapexec info

Additional context

The exact culprit appears to be the LDAPConnectionFactory.from_url method, which incorrectly parses the question mark and sees it as query parameters.

The best way to approach this would be to not create and re-parse credentials, but simply make the required objects by hand.

from msldap.commons.target import MSLDAPTarget
from msldap.commons.factory import LDAPConnectionFactory
from asyauth.common.credentials import UniCredential

target = MSLDAPTarget(...)
credential = UniCredential(...)
factory = LDAPConnectionFactory(credential, target)
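Added example, not part of the original issue and not CrackMapExec or msldap code: the reported error text is the one Python's standard `urllib.parse` raises when a `?` in an unescaped password ends the authority part of a URL early. The `ldaps://user:password@host:port` shape, the helper names and the host `dc01.example.local` are constructed for illustration and are not msldap's own URL format.

```python
from urllib.parse import quote, unquote, urlsplit


def naive_url(user, password, host, port=636):
    # Fragile pattern: credentials are interpolated into the URL unescaped,
    # so "?", "#" or "/" in the password ends the authority component early.
    return f"ldaps://{user}:{password}@{host}:{port}"


def escaped_url(user, password, host, port=636):
    # Percent-encode every reserved character in the userinfo part.
    return f"ldaps://{quote(user, safe='')}:{quote(password, safe='')}@{host}:{port}"


def parse(url):
    """Return (username, password, hostname, port), or the parser's error text."""
    parts = urlsplit(url)
    try:
        port = parts.port  # raises ValueError when the "port" is not numeric
    except ValueError as exc:
        return str(exc)
    # urlsplit does not decode userinfo, so undo the percent-encoding here.
    return (
        unquote(parts.username or ""),
        unquote(parts.password or ""),
        parts.hostname,
        port,
    )


if __name__ == "__main__":
    creds = ("user1", "Password?!", "dc01.example.local")  # constructed sample

    # "?" starts the query string, leaving "user1:Password" as the authority:
    # hostname becomes "user1" and "Password" is read as the port.
    print(parse(naive_url(*creds)))

    # With the password escaped, the round trip returns the original values.
    print(escaped_url(*creds))
    print(parse(escaped_url(*creds)))
```

Escaping makes the round trip safe; building the target and credential objects directly, as the post proposes, removes the round trip altogether.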

mpgn commented 1 year ago

True, added on my todolist

mpgn commented 1 year ago

Hello,

Thanks for the issue, it is now fixed on the last public release of CrackMapExec https://github.com/mpgn/CrackMapExec v6.0.0

Regards,

mpgn