fortra / impacket

Impacket is a collection of Python classes for working with network protocols.

GetUserSPNs.py: "Error in bindRequest -> invalidCredentials: 80090346: LdapErr: DSID-0C09069E, comment: AcceptSecurityContext error, data 80090346, v2580" #884

Open corsch opened 4 years ago

corsch commented 4 years ago

Configuration

impacket version: Impacket v0.9.21
Python version: Python 3.8.3
Target OS: kali-rolling

Debug Output With Command String

python3 /usr/share/doc/python3-impacket/examples/GetUserSPNs.py -request -dc-ip <DOMAIN/USER> -debug

```
python3 /usr/share/doc/python3-impacket/examples/GetUserSPNs.py -request -dc-ip <DC_IP> <DOMAIN/USER> -debug
Impacket v0.9.21 - Copyright 2020 SecureAuth Corporation

[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
Password:
[+] Connecting to <DC_IP>, port 389, SSL False
[+] Connecting to <DC_IP>, port 636, SSL True
Traceback (most recent call last):
  File "/usr/share/doc/python3-impacket/examples/GetUserSPNs.py", line 261, in run
    ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
  File "/usr/lib/python3/dist-packages/impacket/ldap/ldap.py", line 341, in login
    raise LDAPSessionError(
impacket.ldap.ldap.LDAPSessionError: Error in bindRequest -> strongerAuthRequired: 00002028: LdapErr: DSID-0C09026E, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/share/doc/python3-impacket/examples/GetUserSPNs.py", line 466, in <module>
    executer.run()
  File "/usr/share/doc/python3-impacket/examples/GetUserSPNs.py", line 270, in run
    ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
  File "/usr/lib/python3/dist-packages/impacket/ldap/ldap.py", line 341, in login
    raise LDAPSessionError(
impacket.ldap.ldap.LDAPSessionError: Error in bindRequest -> invalidCredentials: 80090346: LdapErr: DSID-0C09069E, comment: AcceptSecurityContext error, data 80090346, v2580
[-] Error in bindRequest -> invalidCredentials: 80090346: LdapErr: DSID-0C09069E, comment: AcceptSecurityContext error, data 80090346, v2580
```

Additional context

Active Directory is running on Server 2012R2 (2012R2 Mode)

As far as I can tell the issue started after enabling "LDAP Channel Binding and LDAP Signing" as described in the following Security Advisory:

ADV190023 | Microsoft Guidance for Enabling LDAP Channel Binding and LDAP Signing https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190023

maaaaz commented 4 years ago

cf. https://github.com/SecureAuthCorp/impacket/issues/474

rmdavy commented 3 years ago

Any progress on this issue? had the same problem.

sm00v commented 2 years ago

Bump. Having the same issue.

```
└─# crackmapexec ldap 192.168.100.39 -u user -p '2022test' --kdcHost 'c2.domain.local' --kerberos
[*] completed: 100.00% (1/1)
SMB         192.168.100.39  445    server           [*] Windows Server 2016 Standard 14393 x64 (name:server) (domain:server.local) (signing:True) (SMBv1:True)
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/dist-packages/cme/protocols/ldap.py", line 176, in kerberos_login
    self.ldapConnection.kerberosLogin(self.username, self.password, self.domain, self.lmhash, self.nthash,
  File "/usr/local/lib/python3.9/dist-packages/impacket/ldap/ldap.py", line 276, in kerberosLogin
    raise LDAPSessionError(
impacket.ldap.ldap.LDAPSessionError: Error in bindRequest -> strongerAuthRequired: 00002028: LdapErr: DSID-0C090273, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v3839

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/crackmapexec", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.9/dist-packages/cme/crackmapexec.py", line 254, in main
    asyncio.run(
  File "/usr/lib/python3.9/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
    return future.result()
  File "/usr/local/lib/python3.9/dist-packages/cme/crackmapexec.py", line 102, in start_threadpool
    await asyncio.gather(*jobs)
  File "/usr/local/lib/python3.9/dist-packages/cme/crackmapexec.py", line 68, in run_protocol
    await asyncio.wait_for(
  File "/usr/lib/python3.9/asyncio/tasks.py", line 442, in wait_for
    return await fut
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/usr/local/lib/python3.9/dist-packages/cme/protocols/ldap.py", line 53, in __init__
    connection.__init__(self, args, db, host)
  File "/usr/local/lib/python3.9/dist-packages/cme/connection.py", line 62, in __init__
    self.proto_flow()
  File "/usr/local/lib/python3.9/dist-packages/cme/connection.py", line 98, in proto_flow
    if self.login() or (self.username == '' and self.password == ''):
  File "/usr/local/lib/python3.9/dist-packages/cme/connection.py", line 163, in login
    if self.kerberos_login(self.domain, self.aesKey, self.kdcHost): return True
  File "/usr/local/lib/python3.9/dist-packages/cme/protocols/ldap.py", line 194, in kerberos_login
    self.logger.success(out)
UnboundLocalError: local variable 'out' referenced before assignment
```

brownintown01 commented 2 years ago

Same issue:

```
[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
Password:
[+] Connecting to , port 389, SSL False
[+] Connecting to , port 636, SSL True
Traceback (most recent call last):
  File "/usr/share/doc/python3-impacket/examples/GetUserSPNs.py", line 261, in run
    ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
  File "/usr/lib/python3/dist-packages/impacket/ldap/ldap.py", line 341, in login
    raise LDAPSessionError(
impacket.ldap.ldap.LDAPSessionError: Error in bindRequest -> strongerAuthRequired: 00002028: LdapErr: DSID-0C09026E, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/share/doc/python3-impacket/examples/GetUserSPNs.py", line 466, in <module>
    executer.run()
  File "/usr/share/doc/python3-impacket/examples/GetUserSPNs.py", line 270, in run
    ldapConnection.login(self.__username, self.__password, self.__domain, self.__lmhash, self.__nthash)
  File "/usr/lib/python3/dist-packages/impacket/ldap/ldap.py", line 341, in login
```

Retrospected commented 1 year ago

I am facing the same issue. In my case the targeted LDAP service requires signing and throws this exception. LDAPS is not available.

FrankSpierings commented 1 year ago

Perform the attack using -k to use Kerberos authentication. This appeared to work for me.
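The two errors in this thread are distinct hardening controls from ADV190023 firing one after the other: on port 389 the DC answers strongerAuthRequired with Windows error 0x2028 (ERROR_DS_STRONG_AUTH_REQUIRED, LDAP signing enforced), and on the LDAPS fallback it answers invalidCredentials with 0x80090346 (SEC_E_BAD_BINDINGS, the SSPI channel-binding check failed because the NTLM bind over TLS carried no channel binding token), which is why the credentials are not actually wrong and why FrankSpierings's switch to Kerberos helps. The helper below is an added example written for this edit, not impacket code and not something posted in the thread: it parses the LdapErr diagnostic string that impacket surfaces in LDAPSessionError and maps the codes to the next authentication path to try. The first two sample strings are the ones from this issue; the third (a 52e wrong-password line) is constructed and its DSID is made up. The code-name tables hold standard Windows values; the recommendations are the editor's reading of the thread.

```python
"""Triage impacket LDAP bind failures against a DC enforcing LDAP signing and/or
channel binding (ADV190023).  Added example; not impacket's own code."""
import re
from dataclasses import dataclass
from typing import Iterable, Optional

# Shape of the diagnostic string a Windows DC puts in the bind response and that
# impacket re-raises as LDAPSessionError("Error in bindRequest -> ...").
_LDAP_ERR_RE = re.compile(
    r"Error in bindRequest -> (?P<result>\w+): (?P<code>[0-9A-Fa-f]+): "
    r"LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), comment: (?P<comment>.*?), "
    r"data (?P<data>[0-9A-Fa-f]+), v(?P<version>\d+)"
)

# Windows error / SSPI status carried in the first hex field (standard values).
CODE_NAMES = {
    0x2028: "ERROR_DS_STRONG_AUTH_REQUIRED",  # LDAP signing enforced
    0x80090346: "SEC_E_BAD_BINDINGS",         # channel binding token check failed
    0x8009030C: "SEC_E_LOGON_DENIED",         # ordinary logon failure; see 'data'
}

# 'data' sub-codes AD attaches to SEC_E_LOGON_DENIED (standard values).
LOGON_DENIED_DATA = {
    0x525: "user not found", 0x52E: "wrong password",
    0x530: "logon time restriction", 0x531: "workstation restriction",
    0x532: "password expired", 0x533: "account disabled",
    0x701: "account expired", 0x773: "user must change password",
    0x775: "account locked out",
}


@dataclass(frozen=True)
class LdapBindError:
    result: str    # LDAP resultCode name, e.g. strongerAuthRequired
    code: int      # Windows error / SSPI status, e.g. 0x80090346
    dsid: str      # DC-side diagnostic id
    comment: str
    data: int
    version: int

    @property
    def name(self) -> str:
        return CODE_NAMES.get(self.code, f"0x{self.code:08X}")


def parse_ldap_error(text: str) -> Optional[LdapBindError]:
    """Extract the LdapErr fields from one log/traceback line; None if absent."""
    m = _LDAP_ERR_RE.search(text)
    if m is None:
        return None
    return LdapBindError(result=m["result"], code=int(m["code"], 16),
                         dsid=m["dsid"], comment=m["comment"],
                         data=int(m["data"], 16), version=int(m["version"]))


def explain(err: LdapBindError) -> str:
    """One-line interpretation of a single bind error."""
    if err.code == 0x2028:
        return ("LDAP signing is enforced: a simple/NTLM bind on 389 is refused "
                "unless the session negotiates integrity protection")
    if err.code == 0x80090346:
        return ("LDAP channel binding is enforced: an NTLM bind over TLS without a "
                "matching channel binding token is rejected as invalidCredentials")
    if err.code == 0x8009030C:
        return "logon denied by the DC: " + LOGON_DENIED_DATA.get(err.data, f"data {err.data:x}")
    return f"{err.result} ({err.name})"


def recommend_auth(errors: Iterable[LdapBindError]) -> str:
    """Next auth path, given the errors in the order impacket raised them
    (plain 389 first, then its automatic LDAPS 636 fallback)."""
    codes = {e.code for e in errors}
    if 0x80090346 in codes:
        # Signing and channel binding both on.  Channel binding only applies to
        # binds inside a TLS session, and a Kerberos (GSSAPI) bind on 389 can
        # negotiate integrity itself, which is why -k is the reported way out.
        return "kerberos"
    if 0x2028 in codes:
        return "ldaps-then-kerberos"   # signing only: LDAPS satisfies it
    if 0x8009030C in codes:
        return "check-credentials"     # a real logon failure, not a policy block
    return "unknown"


def triage(log_text: str) -> str:
    """Scan a whole -debug log / traceback and return the recommendation."""
    found = (parse_ldap_error(line) for line in log_text.splitlines())
    return recommend_auth([e for e in found if e is not None])


# Sample inputs: the first two are the exact lines from this issue, the third is
# constructed for this example (its DSID is invented).
SAMPLE_SIGNING = (
    r"impacket.ldap.ldap.LDAPSessionError: Error in bindRequest -> strongerAuthRequired: "
    r"00002028: LdapErr: DSID-0C09026E, comment: The server requires binds to turn on "
    r"integrity checking if SSL\TLS are not already active on the connection, data 0, v2580"
)
SAMPLE_CBT = ("[-] Error in bindRequest -> invalidCredentials: 80090346: LdapErr: "
              "DSID-0C09069E, comment: AcceptSecurityContext error, data 80090346, v2580")
SAMPLE_BAD_PASSWORD = ("Error in bindRequest -> invalidCredentials: 8009030C: LdapErr: "
                       "DSID-0C09041C, comment: AcceptSecurityContext error, data 52e, v2580")

if __name__ == "__main__":
    for line in (SAMPLE_SIGNING, SAMPLE_CBT, SAMPLE_BAD_PASSWORD):
        e = parse_ldap_error(line)
        print(f"{e.result:22} {e.name:30} {explain(e)}")
    print("next step:", triage(SAMPLE_SIGNING + "\n" + SAMPLE_CBT))
```

Feed it the full `-debug` output (both tracebacks) rather than the last `[-]` line alone: the order of the two errors is what distinguishes "signing only, LDAPS will do" from "channel binding too, go Kerberos".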