the-useless-one / pywerview

A (partial) Python rewriting of PowerSploit's PowerView
GNU General Public License v3.0

ldapasn1 errors #20

Closed rkornmeyer closed 7 years ago

rkornmeyer commented 8 years ago

UPDATED impacket from repo

command python powerview.py -w fullyqualdomainname -u -p -d fqdn.name --username blah

My assumption is that it is this line of code:

https://github.com/the-useless-one/pywerview/blob/master/pywerview/objects/adobjects.py#L53

as it does not happen with every user.

powerview is Get-NetUser -UserName -DomainController

Not sure why but basically all ldap queries have started returning the following error for me:

Traceback (most recent call last):
  File "/usr/local/bin/pywerview", line 9, in <module>
    load_entry_point('pywerview==0.1.1', 'console_scripts', 'pywerview')()
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/cli/main.py", line 347, in main
    results = args.func(**parsed_args)
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/cli/helpers.py", line 166, in get_netlocalgroup
    list_groups=list_groups, recurse=recurse)
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 127, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 197, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 550, in get_netlocalgroup
    ad_object = self.get_adobject(queried_sid=member_sid)[0]
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 127, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/functions/net.py", line 44, in get_adobject
    return self._ldap_search(object_filter, adobj.ADObject)
  File "/usr/local/lib/python2.7/dist-packages/pywerview-0.1.1-py2.7.egg/pywerview/requester.py", line 92, in _ldap_search
    size=1000)
  File "/usr/local/lib/python2.7/dist-packages/impacket/ldap/ldapasn1.py", line 582, in __init__
    self['controlType'] = CONTROL_PAGEDRESULTS
  File "/usr/lib/python2.7/dist-packages/pyasn1/type/univ.py", line 727, in __setitem__
    self.setComponentByName(idx, value)
  File "/usr/lib/python2.7/dist-packages/pyasn1/type/univ.py", line 760, in setComponentByName
    verifyConstraints
  File "/usr/local/lib/python2.7/dist-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
    matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'

This is with the latest impacket library installed.

the-useless-one commented 8 years ago

Hey @rkornmeyer,

can you please post more details? To help you, I will need:

Thanks!

Y

rkornmeyer commented 8 years ago

Edited the original issue with more information.

the-useless-one commented 8 years ago

Hi @rkornmeyer,

this is weird, it seems to be in a call made in the impacket library to the pyasn1 library. Can you tell me what version of pyasn1 you have installed?

rkornmeyer commented 8 years ago

pyasn1 0.1.9 - I can confirm that at least one other of my colleagues has the same issue. It is intermittent between users. The same error also happens if you're using get-netgroupmembers and it pulls a user with the offending data (which I think at this point is one of the time/date variables). It could be possible these users are in different time zones, ahead of or behind the current time.

the-useless-one commented 8 years ago

Hmm, I don't think it's a problem with the time stamps or dates, cause no interpretation is made of them (there is no check to see the time zone, or if they're behind or ahead of the current time/date). At this point, I'm more inclined to think that it's a compatibility problem with your pywerview/impacket/pyasn1 versions. Here's my version of pyasn1:

$ dpkg -l | grep pyasn1
ii  python-pyasn1                         0.1.7-1                              all          ASN.1 library for Python (Python 2 module)
ii  python-pyasn1-modules                 0.0.5-0.1                            all          Collection of protocols modules written in ASN.1 language

What Linux distro (and in what version) are you running?

rkornmeyer commented 8 years ago

Right! Sorry, that might be completely true. pip does install pyasn1 0.1.9, so it might be worth noting that in the requirements somewhere... even though impacket just installs 0.1.9... So the other thing I was thinking of and included the link to was:

https://github.com/the-useless-one/pywerview/blob/master/pywerview/objects/adobjects.py#L53

Traceback (most recent call last):
  File "pywerview.py", line 24, in <module>
    main()
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\cli\main.py", line 347, in main
    results = args.func(**parsed_args)
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\cli\helpers.py", line 46, in get_netuser
    custom_filter=custom_filter)
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\requester.py", line 127, in wrapper
    return f(*args, **kwargs)
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\functions\net.py", line 69, in get_netuser
    return self._ldap_search(user_search_filter, adobj.User)
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\requester.py", line 108, in _ldap_search
    results.append(class_result(result['attributes']))
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects.py", line 90, in __init__
    ADObject.__init__(self, attributes)
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects.py", line 26, in __init__
    self.add_attributes(attributes)
  File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects.py", line 54, in add_attributes
    value = datetime.fromtimestamp(timestamp)
ValueError: timestamp out of range for platform localtime()/gmtime() function

but I can start a new issue for that one.
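The ValueError in the Windows traceback above comes from routing an Active Directory FILETIME through datetime.fromtimestamp(), whose range is bounded by the platform's localtime()/gmtime(). As an added example (not pywerview's code), the conversion below adds an offset to the 1601 epoch instead, so never-set attributes that decode to 1601 and values outside the C time range do not raise; the function names and the sample entry are constructed from the attributes shown later in this thread.

```python
# Added example, not pywerview's code. Active Directory stores several time
# attributes as FILETIME: 100-nanosecond ticks since 1601-01-01 00:00:00 UTC.
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Sentinel values AD uses for "not set" and "never" (e.g. accountexpires).
FILETIME_UNSET = 0
FILETIME_NEVER = 0x7FFFFFFFFFFFFFFF

# Attributes that pywerview's output shows as dates and that AD stores as FILETIME.
FILETIME_ATTRIBUTES = {"accountexpires", "badpasswordtime", "lastlogoff",
                       "lastlogon", "lastlogontimestamp", "pwdlastset"}


def filetime_to_datetime(filetime):
    """Return an aware UTC datetime, or None for the AD sentinel values.

    Adding a timedelta to the 1601 epoch avoids datetime.fromtimestamp(), so
    pre-1970 values (negative Unix timestamps) and values beyond the C
    localtime()/gmtime() range do not raise on Windows.
    """
    filetime = int(filetime)
    if filetime in (FILETIME_UNSET, FILETIME_NEVER):
        return None
    if filetime < 0:
        raise ValueError("FILETIME must be non-negative")
    try:
        return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    except OverflowError:
        # Past year 9999: datetime cannot represent it; treat like "never".
        return None


def convert_ad_entry(attributes):
    """Copy an LDAP attribute dict, rendering FILETIME attributes as ISO 8601 UTC ('' for sentinels)."""
    converted = {}
    for name, value in attributes.items():
        if name.lower() in FILETIME_ATTRIBUTES:
            stamp = filetime_to_datetime(value)
            converted[name] = stamp.isoformat() if stamp is not None else ""
        else:
            converted[name] = value
    return converted


# Constructed sample entry modelled on the get-netuser output in this thread.
SAMPLE_ENTRY = {
    "samaccountname": "root",
    "accountexpires": 0,                      # not set
    "lastlogoff": 5610000000,                 # 1601-01-01 00:09:21, before the Unix epoch
    "lastlogontimestamp": 131291604309379200, # raw value shown in the thread
}
```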

the-useless-one commented 8 years ago

I installed pyasn1 with my package manager, so this might explain the difference in our versions. I'll keep this issue open until I have some time to perform more tests with different versions of pyasn1. Also, I'm noting that you're executing pywerview on Windows. Keep in mind that I developed pywerview to be an AD enumeration tool for Linux, so I didn't test its behavior at all on a Windows environment. So this is something I'll also have to test.

Regarding the error with the time stamp, I'd indeed rather you opened another issue. But as noted above, I don't know the behavior of pywerview on Windows.

Thanks!

rkornmeyer commented 8 years ago

Noted, that's just where I copied the logs from. It also did the same thing on Debian with the same impacket version and same pyasn1 version.

ThePirateWhoSmellsOfSunflowers commented 8 years ago

My 2 cents. With

$ pip list | grep impacket
impacket (0.9.16.dev0)

and

$ pip list | grep asn1
pyasn1 (0.1.9)

I don't have any trouble to use LDAP queries with Pywerview on Debian 8.6.

the-useless-one commented 7 years ago

Sorry for the delay @rkornmeyer, but as with @ThePirateWhoSmellsOfSunflowers, I was not able to reproduce the problem on Debian:

$ pip list | grep -E "impacket|pyasn1"
impacket (0.9.16-dev)
pyasn1 (0.1.9)
$  ./pywerview.py  get-netuser -t 192.168.47.132 -w uselessdomain.local -u root -p password --username root
accountexpires:        0
admincount:            1
badpasswordtime:       2017-01-17 22:28:06
badpwdcount:           0
cn:                    root
codepage:              1252
countrycode:           1
distinguishedname:     CN=root,CN=Users,DC=uselessdomain,DC=local
dscorepropagationdata: 2016-06-18 14:10:23,
                       2016-06-18 13:41:35,
                       1601-01-01 00:04:16
homedirectory:         
instancetype:          4
isgroup:               False
lastlogoff:            1601-01-01 00:09:21
lastlogon:             2017-01-17 22:30:00
lastlogontimestamp:    131291604309379200
logoncount:            345
logonhours:            [255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]
memberof:              CN=NestedGroup,OU=SecondOU,OU=TestOU,DC=uselessdomain,DC=local,
                       CN=Domain Admins,CN=Users,DC=uselessdomain,DC=local,
                       CN=Enterprise Admins,CN=Users,DC=uselessdomain,DC=local,
                       CN=Schema Admins,CN=Users,DC=uselessdomain,DC=local,
                       CN=Users,CN=Builtin,DC=uselessdomain,DC=local,
                       CN=Administrators,CN=Builtin,DC=uselessdomain,DC=local
name:                  root
objectcategory:        CN=Person,CN=Schema,CN=Configuration,DC=uselessdomain,DC=local
objectclass:           top,
                       person,
                       organizationalPerson,
                       user
objectguid:            09c10301-18d9-4ebd-8c57-fe8aeb49bc2e
objectsid:             S-1-5-21-2193705973-3019999467-1313540997-1001
primarygroupid:        513
profilepath:           
pwdlastset:            2017-01-17 22:00:45
samaccountname:        root
samaccounttype:        805306368
scriptpath:            \\Uselessdc1\sysvol\uselessdomain.local\scripts\login.bat
useraccountcontrol:    512
usnchanged:            49240
usncreated:            8198
whenchanged:           2017-01-17 21:00:45
whencreated:           2016-06-18 13:40:31

You're talking about "users with offending data". Can you post such a user, so that I can try to recreate the problem locally?

Thanks! Cheers,

Y

byt3bl33d3r commented 7 years ago

@the-useless-one bump. Seems to be happening to me as well when running get-netlocalgroup:

#~ pywerview get-netlocalgroup --computername 192.168.10.21 -t 192.168.10.11 -u user -p pass --group Administrators
Traceback (most recent call last):
  File "/home/byt3bl33d3r/.virtualenvs/CME/bin/pywerview", line 11, in <module>
    load_entry_point('pywerview==0.2.0', 'console_scripts', 'pywerview')()
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/cli/main.py", line 449, in main
    results = args.func(**parsed_args)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/cli/helpers.py", line 166, in get_netlocalgroup
    list_groups=list_groups, recurse=recurse)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 216, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/functions/net.py", line 590, in get_netlocalgroup
    ad_object = self.get_adobject(queried_sid=member_sid)[0]
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/functions/net.py", line 46, in get_adobject
    return self._ldap_search(object_filter, adobj.ADObject)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 96, in _ldap_search
    size=1000)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 582, in __init__
    self['controlType'] = CONTROL_PAGEDRESULTS
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pyasn1/type/univ.py", line 1945, in __setitem__
    self.setComponentByName(idx, value)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pyasn1/type/univ.py", line 2037, in setComponentByName
    self._componentType.getPositionByName(name), value, verifyConstraints, matchTags, matchConstraints
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
    matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'

This only seems to be happening when I specify a domain controller, If I don't it works fine (so seems to be a problem with the LDAP connection to the DC):

#~ pywerview get-netlocalgroup --computername 192.168.10.21 -u user -p pass --group Administrators 
isdomain:  False
isgroup:   False
lastlogin: 
name:      WIN7/Administrator
server:    192.168.10.21
sid:       S-1-5-21-1124277571-3903610354-1476945526-500

isdomain:  True
isgroup:   False
lastlogin: 
name:      
server:    192.168.10.21
sid:       S-1-5-21-1049426096-2728124650-4150323340-512

isdomain:  True
isgroup:   False
lastlogin: 
name:      
server:    192.168.10.21
sid:       S-1-5-21-1049426096-2728124650-4150323340-1108

On a side note, it would be awesome if there was a get-netlocalusers command as well ;)

Thanks!

the-useless-one commented 7 years ago

@byt3bl33d3r, when you specify a domain controller in the get-netlocalgroup command, it tries to resolve non-local SIDs, so that it can list domain users that are members of local groups.

Could you try issuing the following commands?

#~ pywerview get-adobject -t 192.168.10.11 -u user -p pass --group Administrators --sid S-1-5-21-1049426096-2728124650-4150323340-512
#~ pywerview get-adobject -t 192.168.10.11 -u user -p pass --group Administrators --sid S-1-5-21-1049426096-2728124650-4150323340-1108

Could you also list your installed versions of:

Thanks a lot! Cheers,

Y

byt3bl33d3r commented 7 years ago

Output of pip freeze:

appdirs==1.4.3
asn1crypto==0.22.0
beautifulsoup4==4.5.3
bs4==0.0.1
cffi==1.10.0
cryptography==1.8.1
enum34==1.1.6
idna==2.5
impacket==0.9.16.dev0
ipaddress==1.0.18
packaging==16.8
pyasn1==0.2.3
pycparser==2.17
pycrypto==2.6.1
pyOpenSSL==16.2.0
pyparsing==2.2.0
pywerview==0.2.0
six==1.10.0

Running those commands gave the same error:

Traceback (most recent call last):
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/bin/pywerview", line 11, in <module>
    load_entry_point('pywerview==0.2.0', 'console_scripts', 'pywerview')()
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/cli/main.py", line 449, in main
    results = args.func(**parsed_args)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/cli/helpers.py", line 35, in get_adobject
    ads_path=ads_path, custom_filter=custom_filter)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/functions/net.py", line 46, in get_adobject
    return self._ldap_search(object_filter, adobj.ADObject)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/requester.py", line 96, in _ldap_search
    size=1000)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 582, in __init__
    self['controlType'] = CONTROL_PAGEDRESULTS
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pyasn1/type/univ.py", line 1945, in __setitem__
    self.setComponentByName(idx, value)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pyasn1/type/univ.py", line 2037, in setComponentByName
    self._componentType.getPositionByName(name), value, verifyConstraints, matchTags, matchConstraints
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
    matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'

Also, I've now noticed that this error happens on every cmdlet that supports the -t flag.

Let me know if you need more info.

Cheers

the-useless-one commented 7 years ago

Ok, the problem seems to come from your version of pyasn1. If I install pyasn1 v0.2.3, I get the same error as you (TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes').

However, with pyasn1 v0.1.9, there doesn't seem to be any problem. I'll have to ask @asolino, because pyasn1 is an impacket dependency, not a pywerview one.

I'll leave this issue open until I can clear things out with @asolino. Thanks!

PS: if you don't need the latest version of pyasn1, you can downgrade to 0.1.9 with this command:

$ sudo pip install "pyasn1==0.1.9"
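The mechanism behind the TypeError diagnosed above (an override of pyasn1's setComponentByPosition() in impacket's ldapasn1 that still passes an exactTypes keyword the newer pyasn1 no longer accepts) can be reproduced with stand-in classes. This is an added example, not impacket's or pyasn1's code; SequenceOld, SequenceNew, make_fragile, make_robust and set_control_type are constructed names, and the second override shows the forwarding style that survives such a dependency change.

```python
# Added example, not impacket's or pyasn1's code: minimal stand-ins for the
# two pyasn1 signatures, plus an override written each of two ways.

class SequenceOld:
    """Stand-in for a pyasn1 0.1.x-style base class that still accepts exactTypes."""
    def __init__(self):
        self.components = {}

    def setComponentByPosition(self, idx, value, verifyConstraints=True,
                               exactTypes=False, matchTags=True, matchConstraints=True):
        self.components[idx] = value
        return self


class SequenceNew(SequenceOld):
    """Stand-in for a pyasn1 0.2.x-style base class: the exactTypes keyword is gone."""
    def setComponentByPosition(self, idx, value, verifyConstraints=True,
                               matchTags=True, matchConstraints=True):
        self.components[idx] = value
        return self


def make_fragile(base):
    """Override that spells out every parent keyword it knows (the pattern that broke here)."""
    class Control(base):
        def setComponentByPosition(self, idx, value, verifyConstraints=True,
                                   exactTypes=False, matchTags=True, matchConstraints=True):
            # Explicit keywords: fails as soon as the parent drops one of them.
            return base.setComponentByPosition(self, idx, value,
                                               verifyConstraints=verifyConstraints,
                                               exactTypes=exactTypes,
                                               matchTags=matchTags,
                                               matchConstraints=matchConstraints)
    return Control


def make_robust(base):
    """Override that forwards whatever the caller passed, so the parent may change its signature."""
    class Control(base):
        def setComponentByPosition(self, idx, value, *args, **kwargs):
            return base.setComponentByPosition(self, idx, value, *args, **kwargs)
    return Control


def set_control_type(control_cls, value="CONTROL_PAGEDRESULTS"):
    """Set component 0 (like self['controlType'] in the traceback) and report 'ok' or the TypeError text."""
    try:
        control_cls().setComponentByPosition(0, value)
        return "ok"
    except TypeError as exc:
        return "TypeError: %s" % exc
```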

the-useless-one commented 7 years ago

The changes were made in impacket, and it should now resolve your issue. Make sure to use impacket v0.9.16-dev from the GitHub repository, and not from PyPI. I'm closing this, feel free to reopen it if you still have problems.

Cheers,

Y