ropnop / go-windapsearch

Utility to enumerate users, groups and computers from a Windows domain through LDAP queries
BSD 3-Clause "New" or "Revised" License

invalid Credentials every time #2

Closed b1gbroth3r closed 4 years ago

b1gbroth3r commented 4 years ago

Hey ropnop, first of all awesome tool, and I love that you've re-written it in Go! I've run into an issue today that I'm stumped by. I'm trying to run the simple module queries like admin-objects against a domain controller in the lab environment. I have 2 separate working sets of valid domain user credentials, and have confirmed they're valid through other tools (rpcclient, crackmapexec, ldapdomaindump, etc.), yet I keep getting invalid Credentials upon every query attempt. Sample commands:

windapsearch --dc dc01.lab.local -u <user> -p <password> -m admin-objects
windapsearch --domain lab.local -u <user> -p <password> -m admin-objects

I followed the instructions on building the project with mage and ran into no issues on that front. Any idea on why this would be happening?

ropnop commented 4 years ago

Hey thanks! Hmm that’s strange. A few questions:

What format are you providing the username in? Is it “user@domain.com”? Are there any special characters in the password? Can you try running it with verbose and debug options on and share the output?

It’s really interesting that ldapdomaindump works but windapsearch doesn’t. I’d love to get to the bottom of this. If possible, if you could get a Wireshark capture of the LDAP bind failing, that would be really helpful too!

b1gbroth3r commented 4 years ago

Ah, this is embarrassing, I didn't realize the username format needed to be user@domain.com. I was just doing username. Running it with the corrected format seems to have done the trick and it's working flawlessly now.

Thank you!

ropnop commented 4 years ago

Heh, no worries. I guess it doesn’t make sense to require that part of the username when the domain is given. I’ll change that in the next version so either should work!
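
The fix discussed in this thread, sketched as an added example (not go-windapsearch's own code): a hypothetical helper `bindName` that leaves a UPN, a down-level `DOMAIN\user` name or a DN untouched and appends the domain to a bare username before the LDAP simple bind. The user `jdoe` and the sample inputs are constructed, and treating any `@`, `\` or `=` as a marker of an already-qualified name is an assumption of this sketch.

```go
package main

import (
	"fmt"
	"strings"
)

// bindName returns the identity to send in an LDAP simple bind against
// Active Directory. Hypothetical helper for illustration only.
func bindName(user, domain string) (string, error) {
	user = strings.TrimSpace(user)
	domain = strings.Trim(strings.TrimSpace(domain), ".")
	if user == "" {
		return "", fmt.Errorf("empty username")
	}
	switch {
	case strings.Contains(user, "@"): // assumed to be a UPN already
		return user, nil
	case strings.Contains(user, `\`): // down-level DOMAIN\user form
		return user, nil
	case strings.Contains(user, "="): // assumed to be a distinguished name
		return user, nil
	}
	// Bare username: the case that produced "invalid Credentials" above.
	if domain == "" {
		return "", fmt.Errorf("bare username %q needs a domain to form user@domain", user)
	}
	return user + "@" + domain, nil
}

func main() {
	// Constructed sample inputs; lab.local is the domain from the thread.
	samples := []string{"jdoe", "jdoe@lab.local", `LAB\jdoe`, "CN=jdoe,CN=Users,DC=lab,DC=local"}
	for _, u := range samples {
		name, err := bindName(u, "lab.local")
		fmt.Printf("%-35s -> %s (err=%v)\n", u, name, err)
	}
	// No domain available and no qualifier in the name: fail before binding.
	_, err := bindName("jdoe", "")
	fmt.Println("no domain:", err)
}
```

Failing early on a bare username with no domain gives the operator a clearer message than the server's generic bind error.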