Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding pycryptodome to setup.py #146

Merged
merged 1 commit into from
Nov 28, 2023
Merged

Adding pycryptodome to setup.py #146

merged 1 commit into from
Nov 28, 2023

Conversation

ShutdownRepo
Copy link
Contributor

Echoes with #120
Without pycryptodome, we get the following error

# bloodhound.py --zip -c All -d "DOMAIN.LOCAL" -u "XXXXXXXXXX" -p "XXXXXXXXXX" -dc "DC.DOMAIN.LOCAL" -ns 10.10.10.10
INFO: Found AD domain: htb.local
INFO: Getting TGT for user
WARNING: Failed to get Kerberos TGT. Falling back to NTLM authentication. Error: [Errno Connection error (htb.local:88)] [Errno -3] Temporary failure in name resolution
INFO: Connecting to LDAP server: forest.htb.local
Traceback (most recent call last):
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/utils/ntlm.py", line 500, in ntowf_v2
    from Crypto.Hash import MD4  # try with the Crypto library if present
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
ModuleNotFoundError: No module named 'Crypto'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/root/.local/bin/bloodhound-python", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/bloodhound/__init__.py", line 338, in main
    bloodhound.run(collect=collect,
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/bloodhound/__init__.py", line 79, in run
    self.pdc.prefetch_info('objectprops' in collect, 'acl' in collect, cache_computers=do_computer_enum)
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/bloodhound/ad/domain.py", line 523, in prefetch_info
    self.get_objecttype()
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/bloodhound/ad/domain.py", line 240, in get_objecttype
    self.ldap_connect()
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/bloodhound/ad/domain.py", line 69, in ldap_connect
    ldap = self.ad.auth.getLDAPConnection(hostname=self.hostname, ip=ip,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/bloodhound/ad/authentication.py", line 109, in getLDAPConnection
    bound = conn.bind()
            ^^^^^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/core/connection.py", line 628, in bind
    response = self.do_ntlm_bind(controls)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/core/connection.py", line 1394, in do_ntlm_bind
    request = bind_operation(self.version, 'SICILY_RESPONSE_NTLM', ntlm_client,
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/operation/bind.py", line 81, in bind_operation
    server_creds = name.create_authenticate_message()
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/utils/ntlm.py", line 379, in create_authenticate_message
    nt_challenge_response = self.compute_nt_response()
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/utils/ntlm.py", line 485, in compute_nt_response
    response_key_nt = self.ntowf_v2()
                      ^^^^^^^^^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/utils/ntlm.py", line 503, in ntowf_v2
    raise e  # raise original exception
    ^^^^^^^
  File "/root/.local/pipx/venvs/bloodhound/lib/python3.11/site-packages/ldap3/utils/ntlm.py", line 497, in ntowf_v2
    password_digest = hashlib.new('MD4', self._password.encode('utf-16-le')).digest()
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.pyenv/versions/3.11.5/lib/python3.11/hashlib.py", line 166, in __hash_new
    return __get_builtin_constructor(name)(data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/root/.pyenv/versions/3.11.5/lib/python3.11/hashlib.py", line 123, in __get_builtin_constructor
    raise ValueError('unsupported hash type ' + name)
ValueError: unsupported hash type MD4

@ShutdownRepo ShutdownRepo mentioned this pull request Oct 19, 2023
Merged
@dirkjanm dirkjanm merged commit 6c48c7f into dirkjanm:master Nov 28, 2023
@dirkjanm
Copy link
Owner

technically an upstream issue in ldap3, but i'll merge this in to prevent unexpected breakages

@ShutdownRepo ShutdownRepo deleted the setup_missing_pycryptodome branch December 11, 2023 21:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ShutdownRepo @dirkjanm