Merge pull request Pennyw0rth#712 from Pennyw0rth/neff-fix-asreproast-anon

NeffIsBack · web-flow · commit 3e3987451b41 · 2025-06-03T11:17:02.000+02:00
Enable asreproast with anonymous ldap logins
diff --git a/nxc/connection.py b/nxc/connection.py
@@ -416,14 +416,14 @@ def parse_credentials(self):
                     with open(ntlm_hash) as ntlm_hash_file:
                         for i, line in enumerate(ntlm_hash_file):
                             line = line.strip()
-                            if len(line) != 32 and len(line) != 65:
+                            if len(line) != 32 and len(line) != 65 and len(line) != 0:
                                 self.logger.fail(f"Invalid NTLM hash length on line {(i + 1)} (len {len(line)}): {line}")
                                 continue
                             else:
                                 secret.append(line)
                                 cred_type.append("hash")
                 else:
-                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65:
+                    if len(ntlm_hash) != 32 and len(ntlm_hash) != 65 and len(ntlm_hash) != 0:
                         self.logger.fail(f"Invalid NTLM hash length {len(ntlm_hash)}, authentication not sent")
                         exit(1)
                     else:
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -364,7 +364,7 @@ def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="",
         if nthash:
             self.nthash = nthash
 
-        if self.password == "" and self.args.asreproast:
+        if self.username and self.password == "" and self.args.asreproast:
             hash_tgt = KerberosAttacks(self).get_tgt_asroast(self.username)
             if hash_tgt:
                 self.logger.highlight(f"{hash_tgt}")
@@ -483,7 +483,7 @@ def plaintext_login(self, domain, username, password):
         self.password = password
         self.domain = domain
 
-        if self.password == "" and self.args.asreproast:
+        if self.username and self.password == "" and self.args.asreproast:
             hash_tgt = KerberosAttacks(self).get_tgt_asroast(self.username)
             if hash_tgt:
                 self.logger.highlight(f"{hash_tgt}")
@@ -574,7 +574,7 @@ def hash_login(self, domain, username, ntlm_hash):
         self.username = username
         self.domain = domain
 
-        if self.hash == "" and self.args.asreproast:
+        if self.username and self.hash == "" and self.args.asreproast:
             hash_tgt = KerberosAttacks(self).get_tgt_asroast(self.username)
             if hash_tgt:
                 self.logger.highlight(f"{hash_tgt}")
@@ -875,7 +875,7 @@ def resolve_and_display_hostname(name, domain_name=None):
                 trust_direction = int(trust["trustDirection"])
                 trust_type = int(trust["trustType"])
                 trust_attributes = int(trust["trustAttributes"])
-                
+
                 # See: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e9a2d23c-c31e-4a6f-88a0-6646fdb51a3c
                 trust_attribute_flags = {
                     0x1:    "Non-Transitive",
@@ -965,9 +965,6 @@ def active_users(self):
                 self.logger.highlight(f"{user.get('sAMAccountName', ''):<30}{pwd_last_set:<20}{user.get('badPwdCount', ''):<9}{user.get('description', '')}")
 
     def asreproast(self):
-        if self.password == "" and self.nthash == "" and not self.kerberos:
-            return False
-
         # Building the search filter
         search_filter = f"(&(UserAccountControl:1.2.840.113556.1.4.803:={UF_DONT_REQUIRE_PREAUTH})(!(UserAccountControl:1.2.840.113556.1.4.803:={UF_ACCOUNTDISABLE}))(!(objectCategory=computer)))"
         resp = self.search(search_filter, attributes=["sAMAccountName"], sizeLimit=0)
