the-useless-one / pywerview

A (partial) Python rewriting of PowerSploit's PowerView
GNU General Public License v3.0

pywerview_main_logger.LDAPRPCRequester - _do_ntlm_auth : Invalid Credentials #61

Closed device-asdf closed 1 year ago

device-asdf commented 1 year ago

Why am I encountering this error? I specified the right and working AD user credentials, and whenever I use this command I get this error and cannot authenticate.

proxychains ./pywerview.py get-netcomputer -w DomainName -d 172.x.x.x -u "user" -p "pas" --dc-ip 172.x.x.x
[proxychains] config file found: /etc/proxychains4.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] DLL init: proxychains-ng 4.16
[proxychains] Strict chain ... 206.x.x.x:1080 ... 172.x.x.x:389 ... OK
[CRITICAL] pywerview_main_logger.LDAPRPCRequester - _do_ntlm_auth : Invalid Credentials

ThePirateWhoSmellsOfSunflowers commented 1 year ago

Hello!

It seems that -d 172.x.x.x is the faulty param (-d is used to determine the default root DN within AD iirc), try without or use -d DomainName.

:sunflower:

device-asdf commented 1 year ago

Hi @ThePirateWhoSmellsOfSunflowers, thank you, it worked. However, I got another error:

[CRITICAL] pywerview_main_logger.LDAPRPCRequester - _do_ntlm_auth : Server requires Channel Binding Token and your ldap3 install does not support it. Please install https://github.com/cannatag/ldap3/pull/1087 or try another authentication method

What does it mean by "Server requires Channel Binding Token"?

ThePirateWhoSmellsOfSunflowers commented 1 year ago

Hello!

Channel Binding is a protection against relay attacks on LDAPS: https://en.hackndo.com/ntlm-relay/#tls-binding

It means that your DC is hardened and you have to switch to the develop branch or install the custom ldap3 version. More information here.

Closing now.

:sunflower:
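
What the "Channel Binding Token" in the error above refers to, as an added illustration that is not code from this thread, pywerview or ldap3: the client hashes the certificate it saw on the TLS connection (RFC 5929 `tls-server-end-point`) and carries an MD5 of the resulting GSS channel-bindings structure inside the NTLM exchange, so a DC that enforces it rejects authentication arriving over a TLS session that ended on a different certificate. The function names are hypothetical, the certificate bytes are constructed stand-ins, and the signature hash is passed in rather than parsed from the certificate.

```python
import hashlib
import hmac
import struct

# Constructed stand-ins for DER-encoded certificates (not real certificates).
DC_CERT_DER = b"constructed-DER-bytes-of-the-DC-LDAPS-certificate"
INTERMEDIARY_CERT_DER = b"constructed-DER-bytes-of-some-other-TLS-endpoint"


def tls_server_end_point(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """RFC 5929 'tls-server-end-point' application data for a certificate.

    sig_hash is the hash named in the certificate's signatureAlgorithm
    (an assumption here: passed in instead of parsed, to stay stdlib-only).
    RFC 5929 replaces MD5 and SHA-1 with SHA-256.
    """
    name = sig_hash.lower().replace("-", "")
    if name in ("md5", "sha1"):
        name = "sha256"
    return b"tls-server-end-point:" + hashlib.new(name, cert_der).digest()


def channel_binding_token(cert_der: bytes, sig_hash: str = "sha256") -> bytes:
    """16-byte value carried in the NTLM MsvAvChannelBindings AV pair."""
    app_data = tls_server_end_point(cert_der, sig_hash)
    # gss_channel_bindings_struct: initiator and acceptor address type and
    # length are all zero (16 bytes), then length-prefixed application data.
    gss_struct = b"\x00" * 16 + struct.pack("<I", len(app_data)) + app_data
    return hashlib.md5(gss_struct).digest()


def server_accepts(client_cbt: bytes, server_cert_der: bytes) -> bool:
    """Simplified server-side check: recompute the token from its own cert."""
    return hmac.compare_digest(client_cbt, channel_binding_token(server_cert_der))


if __name__ == "__main__":
    direct = channel_binding_token(DC_CERT_DER)
    elsewhere = channel_binding_token(INTERMEDIARY_CERT_DER)
    print("TLS ended on the DC:      ", server_accepts(direct, DC_CERT_DER))
    print("TLS ended somewhere else: ", server_accepts(elsewhere, DC_CERT_DER))
```

A client library without channel-binding support sends no such value, which is why a DC configured to require it refuses the NTLM bind over LDAPS.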