Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve LDAP dc-list flag #476

Merged
merged 7 commits into from
Jan 1, 2025
Merged

Improve LDAP dc-list flag #476

merged 7 commits into from
Jan 1, 2025

Conversation

termanix
Copy link
Contributor

name: Improved the dc-list.
about: In the previous code, it was working based on /etc/hosts and it would fail sometimes cause of that.
title: 'Improve LDAP dc-list flag'
labels: 'Enhancement, bug-fix'
assignees: ''

Description

It was working base on /etc/hosts and tried to socket connection. It fails sometimes, espcially real life scenarios.
The functionality of the code was changed with direct DNS records and queries. It now works without being linked to /etc/hosts.
Note: It takes DNS nameserver IP address from self.host

And also used parse_result_attributes for parsing (#471)

Type of change

Please delete options that are not relevant.
[+ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)

How Has This Been Tested?

NetExec ldap $IP -u username -p password --dc-list

Screenshots (if appropriate):

image

@termanix
Update dc-list
92c892f 
Signed-off-by: termanix <[email protected]>
NeffIsBack
NeffIsBack requested changes Nov 6, 2024
View reviewed changes
Copy link
Contributor

@NeffIsBack NeffIsBack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The connection object has a built-in dns resolver:

NetExec/nxc/connection.py

Lines 180 to 191 in 72fee6a

def resolver(self, target):
try:
return get_host_addr_info(
target=target,
force_ipv6=self.args.force_ipv6,
dns_server=self.args.dns_server,
dns_tcp=self.args.dns_tcp,
dns_timeout=self.args.dns_timeout
)
except Exception as e:
self.logger.info(f"Error resolving hostname {target}: {e}")
return None

This should probably be used, as this also respects the "new" dns flags

@NeffIsBack NeffIsBack added the enhancement New feature or request label Nov 6, 2024
@mpgn
Copy link
Collaborator

mpgn commented Dec 31, 2024

image

ok ✅

mpgn
mpgn previously approved these changes Dec 31, 2024
View reviewed changes
NeffIsBack
NeffIsBack requested changes Dec 31, 2024
View reviewed changes
Copy link
Contributor

@NeffIsBack NeffIsBack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already have dns args and imo these should be used here as well. So either the dns resolver should be the same as in the connection.py or the dns arguments should also be respected in this function

@NeffIsBack
Copy link
Contributor

Refering to:

NetExec/nxc/cli.py

Lines 43 to 47 in 131e29e

dns_group = dns_parser.add_argument_group("DNS")
dns_group.add_argument("-6", dest="force_ipv6", action="store_true", help="Enable force IPv6")
dns_group.add_argument("--dns-server", action="store", help="Specify DNS server (default: Use hosts file & System DNS)")
dns_group.add_argument("--dns-tcp", action="store_true", help="Use TCP instead of UDP for DNS queries")
dns_group.add_argument("--dns-timeout", action="store", type=int, default=3, help="DNS query timeout in seconds")

NeffIsBack
NeffIsBack approved these changes Jan 1, 2025
View reviewed changes
Copy link
Contributor

@NeffIsBack NeffIsBack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM:
image

@NeffIsBack NeffIsBack merged commit 59faa48 into Pennyw0rth:main Jan 1, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@NeffIsBack NeffIsBack NeffIsBack approved these changes

@mpgn mpgn mpgn left review comments

@zblurx zblurx Awaiting requested review from zblurx zblurx is a code owner

@Marshall-Hallenbeck Marshall-Hallenbeck Awaiting requested review from Marshall-Hallenbeck Marshall-Hallenbeck is a code owner

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@termanix @mpgn @NeffIsBack