PFX authentication error
Closed this issue · 2 comments
noraj commented
The pass phrase of the PFX is empty.
$ ldeep ldap --pfx-file machine.pfx -d acme.local -s ldaps://10.0.0.1 pso
Cannot get private key data, corrupted key or wrong passphrase ?
noraj commented
I don't know if the previous error is linked to that but.
Based on the help message, ldeep doesn't have the option to provide a pfx password like in gettgtpkinit (impacket).
b92e811 seems to add pfx password support (fix #39).
Update: It seems I'm using an older version of ldeep. I'll try last version.
So with the last version, with pfx-pass, I can't provide a blank password.
$ ldeep ldap --pfx-file machine.pfx -pfx-pass "" -d acme.local -s ldaps://10.0.0.1 pso
usage: ldeep ldap [-h] -d DOMAIN -s LDAPSERVER [-b BASE] [-t {ntlm,simple}] [--throttle THROTTLE] [--page_size PAGE_SIZE] [-u USERNAME] [-p PASSWORD] [-H NTLM] [-k] [--pfx-file PFX_FILE] [--pfx-pass PFX_PASS]
[--cert-pem CERT_PEM] [--key-pem KEY_PEM] [-a]
{auth_policies,bitlockerkeys,computers,conf,delegations,domain_policy,fsmo,gmsa,gpo,groups,machines,ou,pkis,pso,sccm,shadow_principals,silos,smsa,subnets,trusts,users,zones,from_guid,from_sid,laps,memberships,membersof,object,sddl,silo,zone,all,enum_users,search,whoami,add_to_group,create_computer,create_user,modify_password,remove_from_group,unlock}
...
ldeep ldap: error: argument command_ldap: invalid choice: '' (choose from 'auth_policies', 'bitlockerkeys', 'computers', 'conf', 'delegations', 'domain_policy', 'fsmo', 'gmsa', 'gpo', 'groups', 'machines', 'ou', 'pkis', 'pso', 'sccm', 'shadow_principals', 'silos', 'smsa', 'subnets', 'trusts', 'users', 'zones', 'from_guid', 'from_sid', 'laps', 'memberships', 'membersof', 'object', 'sddl', 'silo', 'zone', 'all', 'enum_users', 'search', 'whoami', 'add_to_group', 'create_computer', 'create_user', 'modify_password', 'remove_from_group', 'unlock')
BastienFaure commented
@noraj this is fixed in the latest version. In your command you were missing a - in -pfx-pass. I just tried it and it works.