change colors and add values into db

Author: zblurx

nxc/protocols/ldap.py

@@ -149,8 +149,8 @@ def __init__(self, args, db, host):
         self.output_filename = None
         self.smbv1 = None
         self.signing = False
-        self.signing_required = False
-        self.cbt_status = 0
+        self.signing_required = None
+        self.cbt_status = None
         self.admin_privs = False
         self.no_ntlm = False
         self.sid_domain = ""
@@ -235,6 +235,7 @@ def get_ldap_username(self):
         return ""
 
     def check_ldap_signing(self):
+        self.signing_required = False
         ldap_url = f"ldap://{self.target}"
         ldap_connection = ldap_impacket.LDAPConnection(url=ldap_url, baseDN=self.baseDN, dstIp=self.host, signing=False)
         try:
@@ -244,14 +245,15 @@ def check_ldap_signing(self):
                 self.signing_required = True
 
     def check_ldaps_cbt(self):
+        self.cbt_status = "Never"
         ldap_url = f"ldaps://{self.target}"
         ldap_connection = ldap_impacket.LDAPConnection(url=ldap_url, baseDN=self.baseDN, dstIp=self.host)
         ldap_connection._LDAPConnection__channel_binding_value = None
         try:
             ldap_connection.login(user=" ",domain=self.domain)
         except ldap_impacket.LDAPSessionError as e:
             if str(e).find("data 80090346") >= 0:
-                self.cbt_status = 2 # CBT is Required
+                self.cbt_status = "Always" # CBT is Required
             elif str(e).find("data 52e") >= 0:
                 ldap_connection = ldap_impacket.LDAPConnection(url=ldap_url, baseDN=self.baseDN, dstIp=self.host)
                 tmp = bytearray(ldap_connection._LDAPConnection__channel_binding_value)
@@ -261,7 +263,7 @@ def check_ldaps_cbt(self):
                     ldap_connection.login(user=" ",domain=self.domain)
                 except ldap_impacket.LDAPSessionError as e:
                     if str(e).find("data 80090346") >= 0:
-                        self.cbt_status = 1 # CBT is When Supported
+                        self.cbt_status = "When Supported" # CBT is When Supported
 
     def enum_host_info(self):
         self.hostname = self.target.split(".")[0].upper() if "." in self.target else self.target
@@ -309,15 +311,17 @@ def enum_host_info(self):
                 self.host,
                 self.hostname,
                 self.domain,
-                self.server_os
+                self.server_os,
+                self.signing_required,
+                self.cbt_status
             )
         except Exception as e:
             self.logger.debug(f"Error adding host {self.host} into db: {e!s}")
 
     def print_host_info(self):
         self.logger.debug("Printing host info for LDAP")
         signing = colored(f"signing:Enforced", host_info_colors[0], attrs=["bold"]) if self.signing_required else colored(f"signing:None", host_info_colors[1], attrs=["bold"])
-        cbt_status = colored(f"channel binding:Always", host_info_colors[0], attrs=["bold"]) if self.cbt_status == 2 else colored(f"channel binding:{'Never' if self.cbt_status == 0 else 'When Supported'}", host_info_colors[1], attrs=["bold"])
+        cbt_status = colored(f"channel binding:{self.cbt_status}", host_info_colors[3], attrs=["bold"]) if self.cbt_status == "Always" else colored(f"channel binding:{self.cbt_status}", host_info_colors[2], attrs=["bold"])
         ntlm = colored(f"(NTLM:{not self.no_ntlm})", host_info_colors[2], attrs=["bold"]) if self.no_ntlm else ""
         self.logger.extra["protocol"] = "LDAP" if str(self.port) == "389" else "LDAPS"
         self.logger.extra["port"] = self.port

nxc/protocols/ldap/database.py

@@ -38,7 +38,9 @@ def db_schema(db_conn):
             "ip" text,
             "hostname" text,
             "domain" text,
-            "os" text
+            "os" text,
+            "signing" boolean,
+            "cbt_status" text
             )"""
         )
 
@@ -57,7 +59,7 @@ def reflect_tables(self):
                 )
                 sys.exit()
 
-    def add_host(self, ip, hostname, domain, os):
+    def add_host(self, ip, hostname, domain, os, signing = None, cbt_status = None):
         """Check if this host has already been added to the database, if not, add it in."""
         hosts = []
         updated_ids = []
@@ -71,7 +73,9 @@ def add_host(self, ip, hostname, domain, os):
                 "ip": ip,
                 "hostname": hostname,
                 "domain": domain,
-                "os": os
+                "os": os,
+                "signing" : signing,
+                "cbt_status" : cbt_status
             }
             hosts = [new_host]
         # update existing hosts data
@@ -85,6 +89,12 @@ def add_host(self, ip, hostname, domain, os):
                     host_data["hostname"] = hostname
                 if domain is not None:
                     host_data["domain"] = domain
+                if os is not None:
+                    host_data["os"] = os
+                if signing is not None:
+                    host_data["signing"] = signing
+                if cbt_status is not None:
+                    host_data["cbt_status"] = cbt_status
                 # only add host to be updated if it has changed
                 if host_data not in hosts:
                     hosts.append(host_data)

nxc/protocols/ldap/db_navigator.py

@@ -10,7 +10,9 @@ def display_hosts(self, hosts):
                 "IP",
                 "Hostname",
                 "Domain",
-                "OS"
+                "OS",
+                "Signing",
+                "Channel Binding"
             ]
         ]
 
@@ -25,14 +27,18 @@ def display_hosts(self, hosts):
             except Exception:
                 os = host[4]
 
+            signing = "Enforced" if bool(host[5]) else "None"
+            cbt_status =  host[6]
+
             data.append(
                 [
                     host_id,
                     ip,
                     hostname,
                     domain,
-                    os
-                ]
+                    os,
+                    signing,
+                    cbt_status              ]
             )
         print_table(data, title="Hosts")
 
@@ -54,7 +60,9 @@ def do_hosts(self, line):
                         "IP",
                         "Hostname",
                         "Domain",
-                        "OS"
+                        "OS",
+                        "Signing",
+                        "Channel Binding"
                     ]
                 ]
                 host_id_list = []
@@ -71,13 +79,18 @@ def do_hosts(self, line):
                     except Exception:
                         os = host[4]
 
+                    signing = "Enforced" if bool(host[5]) else "None"
+                    cbt_status =  host[6]
+
                     data.append(
                         [
                             host_id,
                             ip,
                             hostname,
                             domain,
-                            os
+                            os,
+                            signing,
+                            cbt_status
                         ]
                     )
                 print_table(data, title="Host")
@@ -87,7 +100,7 @@ def help_hosts(self):
         hosts [filter_term]
         By default prints all hosts
         Table format:
-        | 'HostID', 'IP', 'Hostname', 'Domain', 'OS' |
+        | 'HostID', 'IP', 'Hostname', 'Domain', 'OS', 'Signing, 'Channel Binding' |
         Subcommands:
             filter_term - filters hosts with filter_term
                 If a single host is returned (e.g. `hosts 15`, it prints the following tables: