byt3bl33d3r / CrackMapExec

A swiss army knife for pentesting networks
BSD 2-Clause "Simplified" License

Fix conf base for child domains #734

Closed lefayjey closed 1 year ago

lefayjey commented 1 year ago

Hello, I had an issue while using the ADCS and subnets modules on a child domain. This fix is working for me (on child and parent domains). Please find details below.

└─$ crackmapexec ldap 192.168.56.11 -u hodor -p hodor -M ADCS            
SMB         192.168.56.11   445    WINTERFELL       [*] Windows 10.0 Build 17763 x64 (name:WINTERFELL) (domain:north.sevenkingdoms.local) (signing:True) (SMBv1:False)
LDAP        192.168.56.11   389    WINTERFELL       [+] north.sevenkingdoms.local\hodor:hodor 
ADCS        192.168.56.11   389    WINTERFELL       [-] Obtained unexpected exception: Error in searchRequest -> noSuchObject: 0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=north,DC=sevenkingdoms,DC=local'

└─$ crackmapexec ldap 192.168.56.11 -u hodor -p hodor -M subnets         
SMB         192.168.56.11   445    WINTERFELL       [*] Windows 10.0 Build 17763 x64 (name:WINTERFELL) (domain:north.sevenkingdoms.local) (signing:True) (SMBv1:False)
LDAP        192.168.56.11   389    WINTERFELL       [+] north.sevenkingdoms.local\hodor:hodor 
SUBNETS     192.168.56.11   389    WINTERFELL       [*] Getting the Sites and Subnets from domain
Traceback (most recent call last):
  File "/home/kali/.local/bin/crackmapexec", line 8, in <module>
    sys.exit(main())
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/crackmapexec.py", line 257, in main
    asyncio.run(
  File "/usr/lib/python3.10/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.10/asyncio/base_events.py", line 649, in run_until_complete
    return future.result()
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/crackmapexec.py", line 105, in start_threadpool
    await asyncio.gather(*jobs)
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/crackmapexec.py", line 69, in run_protocol
    await asyncio.wait_for(
  File "/usr/lib/python3.10/asyncio/tasks.py", line 408, in wait_for
    return await fut
  File "/usr/lib/python3.10/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/protocols/ldap.py", line 82, in __init__
    connection.__init__(self, args, db, host)
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/connection.py", line 65, in __init__
    self.proto_flow()
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/connection.py", line 103, in proto_flow
    self.call_modules()
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/connection.py", line 132, in call_modules
    self.module.on_login(context, self)
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/cme/modules/subnets.py", line 48, in on_login
    list_sites = connection.ldapConnection.search(
  File "/home/kali/.local/pipx/venvs/crackmapexec/lib/python3.10/site-packages/impacket/ldap/ldap.py", line 358, in search
    raise LDAPSearchError(
impacket.ldap.ldap.LDAPSearchError: Error in searchRequest -> noSuchObject: 0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of:
        'DC=north,DC=sevenkingdoms,DC=local'

The error is caused by the config base "CN=Configuration", which should contain the root domain and not the full child domain:

Thanks!
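
The distinction described in the report above, as an added example (not code from this PR or from CrackMapExec): the Configuration naming context hangs off the forest root, so it is read from the server's rootDSE rather than built from the logon domain. The function names and the constructed `SAMPLE_ROOTDSE` are assumptions; the three rootDSE attribute names are standard Active Directory ones.

```python
# Added illustration; every function name here is hypothetical, not CrackMapExec's API.

def domain_to_dn(fqdn: str) -> str:
    """north.sevenkingdoms.local -> DC=north,DC=sevenkingdoms,DC=local"""
    labels = [label for label in fqdn.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={label}" for label in labels)

def naive_config_base(auth_domain: str) -> str:
    """The failure mode in the report: Configuration placed under the logon domain."""
    return "CN=Configuration," + domain_to_dn(auth_domain)

def _first(rootdse: dict, attr: str):
    """First value of an attribute; names are case-insensitive, values may be lists or bytes."""
    for key, value in rootdse.items():
        if key.lower() == attr.lower():
            if isinstance(value, (list, tuple)):
                value = value[0] if value else None
            if isinstance(value, bytes):
                value = value.decode("utf-8")
            return value or None
    return None

def config_base_from_rootdse(rootdse: dict) -> str:
    """Prefer what the DC advertises; fall back to the forest root DN."""
    config = _first(rootdse, "configurationNamingContext")
    if config:
        return config
    root = _first(rootdse, "rootDomainNamingContext")
    if root:
        return "CN=Configuration," + root
    raise LookupError("rootDSE exposes neither configuration nor root domain context")

def is_forest_root(rootdse: dict) -> bool:
    """True when the DC's own domain is the forest root domain."""
    default = _first(rootdse, "defaultNamingContext")
    root = _first(rootdse, "rootDomainNamingContext")
    return bool(default and root and default.lower() == root.lower())

# Constructed sample: rootDSE values for a DC in the child domain from the report.
SAMPLE_ROOTDSE = {
    "defaultNamingContext": ["DC=north,DC=sevenkingdoms,DC=local"],
    "rootDomainNamingContext": ["DC=sevenkingdoms,DC=local"],
    "configurationNamingContext": ["CN=Configuration,DC=sevenkingdoms,DC=local"],
}

if __name__ == "__main__":
    print("naive  :", naive_config_base("north.sevenkingdoms.local"))
    print("rootDSE:", config_base_from_rootdse(SAMPLE_ROOTDSE))
```

On a forest root domain both derivations give the same DN, which is why the problem only shows up on child domains.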

mpgn commented 1 year ago

Hello, thanks for the report,

@nurfed1 can you double check the fix?

nurfed1 commented 1 year ago

Hi,

Finally found some time to double check this. This is indeed correct. I confirmed that the patches are properly working.

mpgn commented 1 year ago

thanks @nurfed1 <3

mpgn commented 1 year ago

Thanks for the PR, the PR is now merged on the last official repository of CrackMapExec.

https://github.com/mpgn/CrackMapExec/commit/5f5884785faa7c664633d56a247a2c16febe6503