Nmap Development mailing list archives
[NSE] ldap.lua vs AD objectSID - Github PR #938
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 11 Jul 2017 20:36:03 -0500
The ldap.lua NSE library currently in SVN doesn't correctly handle the Active Directory objectSID attribute. It attempts to perform additional asn.1 decoding on it. I've opened PR#938 ( https://github.com/nmap/nmap/pull/938 ) with a patch that implements the correct conversion from bytes to the human-readable string such as 1-5-21-542895397-2936746693-3965599772-500. If there aren't any issues or concerns I'll commit the code later this week.

The testing command below requests all attributes for all users in the target Active Directory environment.

nmap -d -p 389 --script ldap-search --script-args \
  'ldap.username="CN=Administrator,CN=Users,DC=adlab,DC=pwnable", \
  ldap.password="UserPasswordHere", \
  ldap.qfilter=users, \
  ldap.attrib=*, \
  ldap.savesearch=test' \
  -Pn 192.168.50.231

Error message:

<snip>
NSE: ldap-search against 192.168.50.231:389 threw an error!
/usr/local/bin/../share/nmap/nselib/ldap.lua:657: bad argument #3 to 'format' (number expected, got boolean)
stack traceback:
  [C]: in function 'string.format'
  /usr/local/bin/../share/nmap/nselib/ldap.lua:657: in function 'ldap.searchResultToTable'
  /usr/local/bin/../share/nmap/scripts/ldap-search.nse:263: in function </usr/local/bin/../share/nmap/scripts/ldap-search.nse:119>
  (...tail calls...)
<snip>

Examples of the correct output can be seen on the PR.

Thanks,
Tom Sellers

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
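The bytes-to-string conversion the post refers to, as an added Python example (not the PR's Lua code): the objectSID value returned by LDAP is an opaque binary blob, not further BER-encoded, laid out as a revision byte, a sub-authority count, a 48-bit big-endian identifier authority and then little-endian 32-bit sub-authorities, which is why running it through an ASN.1 decoder fails. The BUILTIN_ADMINS bytes below are constructed for the example (the well-known S-1-5-32-544 SID); the standard string form carries the leading "S-".

```python
import struct

# Binary layout of a Windows SID as stored in the AD objectSID attribute:
#   byte 0      : revision (always 1)
#   byte 1      : number of sub-authorities (0..15)
#   bytes 2..7  : 48-bit identifier authority, big-endian
#   then N x 4  : sub-authorities, each a 32-bit little-endian unsigned int
SID_HEADER = struct.Struct("<BB6s")


def sid_to_string(data: bytes) -> str:
    """Convert a raw objectSID value to its S-R-I-S-S... string form."""
    if len(data) < SID_HEADER.size:
        raise ValueError("objectSID too short: %d bytes" % len(data))
    revision, count, authority_raw = SID_HEADER.unpack_from(data)
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if count > 15:
        raise ValueError("too many sub-authorities: %d" % count)
    expected = SID_HEADER.size + 4 * count
    if len(data) != expected:
        raise ValueError("objectSID length %d, expected %d" % (len(data), expected))
    authority = int.from_bytes(authority_raw, "big")
    subs = struct.unpack_from("<%dI" % count, data, SID_HEADER.size)
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def sid_from_string(sid: str) -> bytes:
    """Inverse of sid_to_string; useful for building test vectors."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError("malformed SID string: %r" % sid)
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    header = SID_HEADER.pack(revision, len(subs), authority.to_bytes(6, "big"))
    return header + struct.pack("<%dI" % len(subs), *subs)


# Constructed sample: BUILTIN\Administrators, S-1-5-32-544, as raw bytes.
BUILTIN_ADMINS = bytes.fromhex("0102000000000005" "20000000" "20020000")

if __name__ == "__main__":
    print(sid_to_string(BUILTIN_ADMINS))
    # Round-trip the domain account SID quoted in the post (with the S- prefix).
    s = "S-1-5-21-542895397-2936746693-3965599772-500"
    print(sid_to_string(sid_from_string(s)) == s)
```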