fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com

[dcomrt.py] RPC connect timeout shouldn't be hard-coded #1600

Open XiaoliChan opened 1 year ago

XiaoliChan commented 1 year ago

Configuration

impacket version: latest
Python version: 3.11.4
Target OS: Kali Linux latest

Debug Output With Command String

The timeout shouldn't be hard-coded: https://github.com/fortra/impacket/blob/6e2b0c7450a228ba0066d36cb174d224b72cf643/impacket/dcerpc/v5/dcomrt.py#L1294

If the string binding address is inaccessible, wmiexec.py hangs for a long time.

anadrianmanrique commented 1 year ago

Hi, this doesn't seem to be an issue per se. I think it might be better to have some kind of PR in order to review/understand your needs. Could you please send a PR instead, so we can explore which option would be the best? Thanks

XiaoliChan commented 1 year ago

@anadrianmanrique Thanks for your reply. I tried to make a PR for that, but it is really hard for me.

I can tell you why: in some cases, if the firewall blocks the port of a string binding like ncacn_ip_tcp:192.168.1.1[49666], it hangs until the timeout (which takes a long time).

That timeout threshold shouldn't be hard-coded; we need something like dcom.set_timeout().
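Added example to illustrate the failure mode the comment above describes. This is not impacket's code and not the proposed PR: it re-implements only the part that matters here, namely the TCP connect to each ncacn_ip_tcp string binding a DCOM server hands back, using plain sockets with a caller-supplied timeout. The function names (parse_string_binding, connect_binding, first_reachable_binding, local_listener) and the DEFAULT_CONNECT_TIMEOUT value are this example's own; dcom.set_timeout() from the comment is only a proposal and is not used. The string bindings in the demo are constructed sample input.

```python
"""Bounded connect attempts to DCOM string bindings (added example, not impacket code)."""
import socket
import time

# Default used by this example when the caller passes nothing. This is an
# assumption for illustration; impacket's own hard-coded value is not reproduced here.
DEFAULT_CONNECT_TIMEOUT = 5.0


def parse_string_binding(binding):
    """Split 'protseq:host[endpoint]' into (protseq, host, endpoint).

    Handles the forms seen in the thread, e.g. 'ncacn_ip_tcp:192.168.1.1[49666]'
    (hostnames and IPv4 literals; IPv6 literals are not handled). The endpoint is
    returned as an int for ncacn_ip_tcp and left as a string for other protseqs.
    """
    protseq, _, rest = binding.partition(":")
    if not rest or "[" not in rest or not rest.endswith("]"):
        raise ValueError(f"malformed string binding: {binding!r}")
    host, _, endpoint = rest[:-1].partition("[")
    if protseq == "ncacn_ip_tcp":
        endpoint = int(endpoint)
    return protseq, host, endpoint


def connect_binding(binding, timeout=DEFAULT_CONNECT_TIMEOUT):
    """Try one ncacn_ip_tcp binding with a bounded TCP connect.

    Returns (status, elapsed_seconds). status is 'connected', 'timeout',
    'unreachable' (any other socket error) or 'unsupported' (non-TCP protseq).
    A firewall that silently drops SYNs yields 'timeout' after the caller's
    limit instead of the OS default, which is the long hang the thread describes.
    """
    protseq, host, port = parse_string_binding(binding)
    if protseq != "ncacn_ip_tcp":
        return "unsupported", 0.0
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:  # subclass of OSError, so it must be caught first
        return "timeout", time.monotonic() - start
    except OSError:
        return "unreachable", time.monotonic() - start
    sock.close()
    return "connected", time.monotonic() - start


def first_reachable_binding(bindings, timeout=DEFAULT_CONNECT_TIMEOUT):
    """Walk the bindings a server advertised and return the first one that connects.

    This is where a per-binding timeout matters: each dead binding costs at most
    `timeout` seconds instead of the kernel's own connect limit.
    """
    for binding in bindings:
        status, _ = connect_binding(binding, timeout)
        if status == "connected":
            return binding
    return None


def local_listener():
    """Open a loopback listener on an ephemeral port (a stand-in for a reachable binding)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = local_listener()
    # Constructed sample: the binding from the thread, a named-pipe binding this
    # client skips, and a loopback binding that actually answers.
    sample = [
        "ncacn_ip_tcp:192.168.1.1[49666]",
        "ncacn_np:\\\\HOST[\\pipe\\svcctl]",
        f"ncacn_ip_tcp:127.0.0.1[{port}]",
    ]
    for b in sample:
        print(b, connect_binding(b, timeout=2.0))
    print("chosen:", first_reachable_binding(sample, timeout=2.0))
    srv.close()
```

Run against a host whose firewall drops the dynamic RPC port and the first binding reports 'timeout' after 2 seconds rather than after the platform's connect limit; that bounded wait per binding is the behaviour the comment is asking for.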

XiaoliChan commented 1 year ago

It always happens in wmiexec.py and dcomexec.py if the target has the firewall enabled.

XiaoliChan commented 1 year ago

Reference:

XiaoliChan commented 1 year ago

@anadrianmanrique Maybe the PR like this https://github.com/mpgn/impacket/pull/1

ilija-lazoroski commented 9 months ago

I can confirm that this is an issue if the firewall doesn't allow DCOM connection. I can make the PR if @XiaoliChan doesn't mind.

XiaoliChan commented 9 months ago

@ilija-lazoroski Sure!

gabrielg5 commented 2 weeks ago

Duplicate of #1454?

XiaoliChan commented 1 week ago

> Duplicate of #1454?

Seems to be, yes.