Hanging When Retrieving LDAP Objects

[quantumburnz]

Hi,
When running RustHound against a large domain, RustHound eventually hangs at "LDAP objects received: xxxxx". The TCP/389 connection is still open (observed via tcpdump) but it appears the DC stops sending data (for an unknown reason) and just sends ACKs. In the following code block, it appears RustHound just continues to wait indefinitely. Perhaps a timeout could be set and RustHound can resend the request if it hasn't received a response by the timeout?

// Wait and get next values
let pb = ProgressBar::new(1);
let mut count = 0;	
while let Some(entry) = search.next().await? {
	let entry = SearchEntry::construct(entry);
	//trace!("{:?}", &entry);
	// Manage progress bar
	count += 1;
	progress_bar(pb.to_owned(),"LDAP objects retreived".to_string(),count,"#".to_string());	
	// Push all result in rs vec()
	rs.push(entry);
}
pb.finish_and_clear();

[g0h4n]

Hi quantumburnz,

I think it's possible to add with_timeout() to ldap object. https://docs.rs/ldap3/latest/ldap3/struct.Ldap.html#method.with_timeout

In our case, the use of .await? interrupts the execution of the asynchronous function and waits for a promise to be resolved. When the promise is resolved (held or broken), the value is returned and the execution of the asynchronous function resumes.

I would like to know if in your case "LDAP objects received: xxxxx" remains blocked? Or it continues to be incremented?

[quantumburnz]

with_timeout() looks very promising @g0h4n !

"LDAP objects received: xxxxx" remains blocked. To elaborate, it makes it to a high number and stops. However, I'm guessing the .await? never interrupts because the TCP session with the DC is still open so RustHound expects the DC will send more data at some point but it never does after waiting more than an hour.