Open benji1000 opened 7 months ago
That is odd. Is this a real environment or a lab? Could you try instead to specify the hostname with the ldaps:// prefix?
It is a real environment. I used ldaps://MACHINE-NAME and ldaps://MACHINE-NAME.DOMAIN.TLD.
Different stacktrace:
[-] Connecting to host...
[-] Binding to host
Traceback (most recent call last):
  File "/opt/krbrelayx/dnstool.py", line 610, in <module>
    main()
  File "/opt/krbrelayx/dnstool.py", line 430, in main
    if not c.bind():
           ^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/ldap3/core/connection.py", line 589, in bind
    self.open(read_server_info=False)
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/sync.py", line 57, in open
    BaseStrategy.open(self, reset_usage, read_server_info)
  File "/usr/local/lib/python3.11/dist-packages/ldap3/strategy/base.py", line 146, in open
    raise exception_history[0][0]
ldap3.core.exceptions.LDAPSocketOpenError: socket ssl wrapping error: [Errno 104] Connection reset by peer
The LDAPS TCP/636 port is open on the machine.
I have access to the environment until Friday 16th 11:00 AM UTC. Feel free to tell me if I can perform other tests!
Since I have never seen Windows behave this way, it sounds like some IDS/IPS/EDR product is dropping your connection. Usually using LDAP over TLS works around this, but in your environment it doesn't sound like that is working either. I don't have any ideas right now what you could try to bypass this.
There isn't any specific EDR on the machine, only Windows Defender. I didn't have the chance to investigate the logs, so I guess the story ends here... If I am able to gather some logs, I will post them, but I doubt it.
Thank you for your time anyway! And for the tool, which works well in other environments where I was able to use it :)
tl;dr: instead of using ldaps://host to connect, use -force-ssl and -port 636
Just encountered this error as well - it appears to be an odd behavior due to how arguments are passed when creating a connection.
https://github.com/dirkjanm/krbrelayx/blob/master/dnstool.py#L424
My guess is that it attempts to use port 389, even if you try ldaps://host.
Hello,
here is what happens when I try adding a record using dnstool.py (of course replacing the values for DOMAIN, USER, PASSWORD):
After that, I am not able to make a simple connection to the DC using cme/nxc...
It is the use of dnstool.py that creates this situation, no other tool does that. What could I provide you with to help you troubleshoot?