Nmap Development mailing list archives

[NSE] ldap.lua vs AD objectSID - Github PR #938


From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 11 Jul 2017 20:36:03 -0500

The ldap.lua NSE library currently in SVN doesn't correctly handle the Active Directory objectSID attribute. It 
attempts to perform additional ASN.1 decoding on it. I've opened PR #938
(https://github.com/nmap/nmap/pull/938) with a patch that implements the correct conversion from bytes to the
human-readable string such as 1-5-21-542895397-2936746693-3965599772-500.

If there aren't any issues or concerns I'll commit the code later this week.

The testing command below requests all attributes for all users in the target Active Directory environment.

nmap -d -p 389 --script ldap-search --script-args \
'ldap.username="CN=Administrator,CN=Users,DC=adlab,DC=pwnable",'\
'ldap.password="UserPasswordHere",'\
'ldap.qfilter=users,'\
'ldap.attrib=*,'\
'ldap.savesearch=test' \
-Pn 192.168.50.231


Error message:

<snip>
NSE: ldap-search against 192.168.50.231:389 threw an error!
/usr/local/bin/../share/nmap/nselib/ldap.lua:657: bad argument #3 to 'format' (number expected, got boolean)
stack traceback:
        [C]: in function 'string.format'
        /usr/local/bin/../share/nmap/nselib/ldap.lua:657: in function 'ldap.searchResultToTable'
        /usr/local/bin/../share/nmap/scripts/ldap-search.nse:263: in function </usr/local/bin/../share/nmap/scripts/ldap-search.nse:119>
        (...tail calls...)

<snip>

Examples of the correct output can be seen on the PR.

Thanks,

Tom Sellers
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
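For readers who want to see what the "bytes to human-readable string" conversion above involves, here is an added example in Python. It is not the code from PR #938 or from ldap.lua; it implements the documented binary SID layout (revision byte, sub-authority count, 48-bit big-endian identifier authority, then little-endian 32-bit sub-authorities) and its inverse, validates the layout before trusting any field, and splits off the RID so that, for example, RID 500 can be recognised as the built-in Administrator account even if the account has been renamed. The sample objectSID is constructed to encode the SID quoted in the mail (canonically written with the S- prefix), not captured from a real directory. Note that a revision-1 SID starts with byte 0x01, which is also the ASN.1 universal tag for BOOLEAN, so a decoder that treats the raw attribute value as BER will misread it; that is consistent with the "got boolean" type error in the traceback, though the PR is the place to check the actual cause.

```python
import re
import struct

# Constructed sample: binary objectSID for S-1-5-21-542895397-2936746693-3965599772-500.
# The byte layout is the documented SID structure; the value itself is made up here.
SAMPLE_OBJECTSID = bytes.fromhex(
    "01"            # revision (always 1 for current SIDs)
    "05"            # number of sub-authorities that follow
    "000000000005"  # identifier authority, 48-bit big-endian: 5 = NT Authority
    "15000000"      # sub-authority 21, little-endian uint32
    "25ed5b20"      # 542895397
    "c5320baf"      # 2936746693
    "1c405eec"      # 3965599772
    "f4010000"      # 500 = RID of the built-in Administrator account
)

MAX_SUB_AUTHORITIES = 15  # SID_MAX_SUB_AUTHORITIES in the Windows SDK
_SID_TEXT = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


def sid_to_string(blob: bytes) -> str:
    """Decode a binary SID (the raw objectSID attribute value) into S-R-I-S... form.

    Every length and range is checked first so that a truncated or unrelated
    attribute value raises ValueError instead of producing a plausible-looking
    but wrong SID.  The value is never handed to an ASN.1 decoder: objectSID is
    an opaque octet string, not a BER-encoded structure.
    """
    if len(blob) < 8:
        raise ValueError("SID too short: need at least 8 bytes, got %d" % len(blob))
    revision, sub_count = blob[0], blob[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if sub_count > MAX_SUB_AUTHORITIES:
        raise ValueError("too many sub-authorities: %d" % sub_count)
    expected_len = 8 + 4 * sub_count
    if len(blob) != expected_len:
        raise ValueError("SID length %d does not match %d sub-authorities (expected %d)"
                         % (len(blob), sub_count, expected_len))
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack_from("<%dI" % sub_count, blob, 8)
    return "S-%d-%d%s" % (revision, authority, "".join("-%d" % s for s in subs))


def string_to_sid(text: str) -> bytes:
    """Encode an S-R-I-S... string back into the binary layout (inverse of sid_to_string)."""
    m = _SID_TEXT.match(text)
    if not m:
        raise ValueError("not a SID string: %r" % text)
    revision, authority = int(m.group(1)), int(m.group(2))
    subs = [int(s) for s in m.group(3).split("-")[1:]]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if authority >= 1 << 48:
        raise ValueError("identifier authority does not fit in 48 bits")
    if len(subs) > MAX_SUB_AUTHORITIES or any(s >= 1 << 32 for s in subs):
        raise ValueError("sub-authority count or value out of range")
    return (bytes([revision, len(subs)])
            + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))


def split_rid(text: str):
    """Return (issuer SID, RID): the last sub-authority is the relative identifier.

    Useful when reviewing directory output: RID 500 is the built-in Administrator
    and RID 512 is Domain Admins regardless of the display name.
    """
    if not _SID_TEXT.match(text):
        raise ValueError("not a SID string: %r" % text)
    issuer, _, rid = text.rpartition("-")
    return issuer, int(rid)


if __name__ == "__main__":
    sid = sid_to_string(SAMPLE_OBJECTSID)
    print(sid)                      # S-1-5-21-542895397-2936746693-3965599772-500
    print(split_rid(sid))           # ('S-1-5-21-542895397-2936746693-3965599772', 500)
    assert string_to_sid(sid) == SAMPLE_OBJECTSID
```

Because the parser rejects any blob whose length disagrees with its own sub-authority count, a directory entry carrying an unexpected attribute value fails loudly rather than being silently misrendered, which is the behaviour you want from a library that a scanner feeds untrusted data into.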