Open imhasin opened 5 months ago
I have a similar issue running bloodhound collection using netexec. Here's the issue I opened there. https://github.com/Pennyw0rth/NetExec/issues/243#issue-2220199048
I am running into a similar issue (besides the weird "Could not find Global Catalog in this domain" that I need to fix somehow):
EDIT: Now that I am looking at the error again it might be different though. Gonna try to get to the root cause later.
Oh your stacktrace is different from the one you posted on NetExec: https://github.com/Pennyw0rth/NetExec/issues/243#issue-2220199048 https://github.com/Pennyw0rth/NetExec/issues/243#issuecomment-2031722146
The ones there have the exact same stacktrace as mine
The issue from the first post is likely triggered because both signing and channel binding are enforced, which is currently not supported by BloodHound.py. As a result, the authentication fails, and a stacktrace is triggered further in the code.
Hi, the combination of signing and channel binding isn't supported with NTLM auth in netexec as well (turned them on for sake of demonstration):
I also checked the settings and these are currently on negotiate signing and don't enforce binding:
Also user enumeration looks like it's working:
This is a link to a writeup on the same box in the same step using bloodhound-python. It works for some reason.
oxdf@hacky$ bloodhound-python -d rebound.htb -c all -u oorend -p '1GR8t@$$4u' -ns 10.10.11.231 --zip
INFO: Found AD domain: rebound.htb
INFO: Getting TGT for user
INFO: Connecting to LDAP server: dc01.rebound.htb
WARNING: LDAP Authentication is refused because LDAP signing is enabled. Trying to connect over LDAPS instead...
INFO: Found 1 domains
INFO: Found 1 domains in the forest
INFO: Found 2 computers
INFO: Connecting to LDAP server: dc01.rebound.htb
WARNING: LDAP Authentication is refused because LDAP signing is enabled. Trying to connect over LDAPS instead...
INFO: Found 16 users
INFO: Found 53 groups
INFO: Found 2 gpos
INFO: Found 2 ous
INFO: Found 19 containers
INFO: Found 0 trusts
INFO: Starting computer enumeration with 10 workers
INFO: Querying computer: gmsa.rebound.htb
INFO: Querying computer: dc01.rebound.htb
INFO: Skipping enumeration for gmsa.rebound.htb since it could not be resolved.
INFO: Done in 00M 22S
INFO: Compressing output into 20240317211834_bloodhound.zip
And this is a video walkthrough of using netexec bloodhound module. It also works fine there.
If you go further down on 0xdf's walkthrough (link directly above), it seems that is something to do with the -c all method. If you change that it works as expected.
@NeffIsBack the same goes when executing it through NetExec!
Describe the bug
Running the bloodhound-python against one of the servers with regular command I faced the issue. I tried:
To Reproduce
The following commands were used, and both times the same error occurs.
bloodhound-python -d rebound.htb -c all -u ldap_monitor -p '1GR8t@$$4u' -ns 10.129.229.114 --zip
bloodhound-python -u 'ldap_monitor' -p '1GR8t@$$4u' --dns-tcp -d rebound.htb -c all --zip -ns 10.129.229.114
Resulted in:
bloodhound-python Info:
pip3 install bloodhound