Closed NeffIsBack closed 1 year ago
skelsec
commented
1 year ago Yes, the URL format has this well-known problem with special characters, which can be easily mitigated by not using the URL format with string formatting. Looking at you @mpgn .
@NeffIsBack quick workaround could be to apply URLencoding to the password password%23freswa until the core issue is solved
skelsec
commented
1 year ago Actually, scrap that it won't work like that either :/
That part will need some improvements, in the meantime you can hex-encode the password and use ntlm-pwhex auth method.
mpgn
commented
1 year ago i will rewrite the code to use asyauth directly :)
NeffIsBack
commented
1 year ago Closing, as this code doesn’t exist anymore👍🏼
Hi, as shown in Porchetta-Industries/CrackMapExec#725 the RDPConnectionFactory throws an error if a password contains the symbol
#. As you can see in the stacktrace from the issue, the methodurlparse, used in commons->target.py line 68, uses the#character as seperator for "\<fragments>", therefore not parsing the url correct and leading to not be able to return a port.Here is a screenshot, that hopefully helps understanding the problem (this is output from the target.py
def from_urlfunction):