1+ import re
2+ from impacket .ldap import ldap , ldapasn1
3+ from impacket .ldap .ldap import LDAPSearchError
4+
5+
6+ class NXCModule :
7+ """
8+ Find PKI Enrollment Services in Active Directory and Certificate Templates Names.
9+
10+ Module by Tobias Neitzel (@qtc_de) and Sam Freeside (@snovvcrash)
11+ """
12+
13+ name = "adcs"
14+ description = "Find PKI Enrollment Services in Active Directory and Certificate Templates Names"
15+ supported_protocols = ["ldap" ]
16+ opsec_safe = True
17+ multiple_hosts = True
18+
19+ def __init__ (self , context = None , module_options = None ):
20+ self .context = context
21+ self .module_options = module_options
22+ self .server = None
23+ self .regex = None
24+
25+ def options (self , context , module_options ):
26+ """
27+ BASE_DN The base domain name for the LDAP query
28+ """
29+ self .regex = re .compile ("(https?://.+)" )
30+
31+ self .server = None
32+ self .base_dn = None
33+ if module_options and "SERVER" in module_options :
34+ self .server = module_options ["SERVER" ]
35+ if module_options and "BASE_DN" in module_options :
36+ self .base_dn = module_options ["BASE_DN" ]
37+
38+ def on_login (self , context , connection ):
39+ """On a successful LDAP login we perform a search for all PKI Enrollment Server or Certificate Templates Names."""
40+ self .context = context
41+ search_filter = "(|(objectClass=mSSMSSite)(objectClass=mSSMSManagementPoint)(objectClass=mSSMSRoamingBoundaryRange)(objectClass=mSSMSServer))"
42+ context .log .display (f"Starting LDAP search with search filter '{ search_filter } '" )
43+
44+ try :
45+ sc = ldap .SimplePagedResultsControl ()
46+ base_dn_root = connection .ldapConnection ._baseDN if self .base_dn is None else self .base_dn
47+
48+ result = connection .ldapConnection .search (
49+ searchFilter = search_filter ,
50+ attributes = [],
51+ sizeLimit = 0 ,
52+ searchControls = [sc ],
53+ searchBase = base_dn_root ,
54+ )
55+ except LDAPSearchError as e :
56+ context .log .fail (f"Obtained unexpected exception: { e } " )
57+
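Review bot: The module metadata and the query disagree: `name = "adcs"`, the class docstring and `description` all describe PKI Enrollment Services, while the `search_filter` in `on_login` matches only the SCCM classes `mSSMSSite`, `mSSMSManagementPoint`, `mSSMSRoamingBoundaryRange` and `mSSMSServer`. This looks like a copy of an ADCS module that was not renamed, so I would suggest something like `name = "sccm"` and `description = "Find SCCM sites, management points and servers published in Active Directory"`, with both docstrings updated to match. `result` is assigned but never read, so a successful search reports nothing beyond the start message; `self.regex` and the `SERVER` option are also set but unused, and the `options` docstring documents only `BASE_DN`. `self.base_dn` is created only in `options`, so adding `self.base_dn = None` to `__init__` would stop `on_login` from depending on call order.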
58+