-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NetExec LDAP is using System's DNS #184
Comments
Unfortunately impacket does not support using a custom name server (atleast the last time checked). That's the reason it hasn't been done yet, although many people already run into the problem. |
Thanks for your prompt response :) I'll update here if I can find a suitable workaround (apart changing my system's dns) |
Adding the ip/host to you hosts file is not an option ? |
That would work indeed, but needs root privileges (or change permissions on the /etc/host file), which I try to avoid when not necessary. Especially because i'm automating this. |
That's what i'm going to do :)
|
@bmigette It's |
@XiaoliChanis this a new option ? Could not find it in the doc |
No, but I can try to add it |
@XiaoliChan would definitely be useful but it was mentionned above that it's a limitation from impacket lib, so not sure how easy / feasible it would be :) |
@mpgn works for me thanks a lot !! Added the comments in the pull request. |
Describe the bug
When using NetExec with ldap protocol, netexec is doing some dns resolutions that uses system's DNS and will cause failure.
There's numerous case where we should be able to :
Also, the error is misleading. In my particular case, the target IP (172.16.230.10) can be used for LDAP, but because netexec resolved this to a different IP using public DNS, connection failed.
To Reproduce
Command:
netexec --debug ldap 172.16.230.10 -u myuser -p 'mypass'
Resulted in:
Expected behavior
DNS resolution should use a custom server (like the -ns option for bloodhound), or find the domain DNS automatically.
Using System's DNS assume everytime we do a ldap test we need to adjust system's DNS.
Lastly, in the above example, the domain was resolved by public DNS to a public IP that was filtered. The logs never showed any attempt to connect to this public IP and I had to do a TCPDump capture to understand what's going on.
NetExec info
Additional context
None
The text was updated successfully, but these errors were encountered: