Address comments from NeffIsBack

t94j0 · t94j0 · commit 73dc41122a15 · 2025-05-30T11:51:42.000-04:00
diff --git a/nxc/protocols/ldap.py b/nxc/protocols/ldap.py
@@ -201,7 +201,7 @@ def create_conn_obj(self):
             target_domain = sub(
                 r",DC=",
                 ".",
-                base_dn[base_dn.lower().find("dc=") :],
+                base_dn[base_dn.lower().find("dc="):],
                 flags=IGNORECASE,
             )[3:]
         except ConnectionRefusedError as e:
@@ -322,7 +322,12 @@ def enum_host_info(self):
         self.output_filename = os.path.expanduser(f"~/.nxc/logs/{self.hostname}_{self.host}".replace(":", "-"))
 
         try:
-            self.db.add_host(self.host, self.hostname, self.domain, self.server_os)
+            self.db.add_host(
+                self.host,
+                self.hostname,
+                self.domain,
+                self.server_os
+            )
         except Exception as e:
             self.logger.debug(f"Error adding host {self.host} into db: {e!s}")
 
@@ -338,7 +343,7 @@ def print_host_info(self):
         self.logger.display(f"{self.server_os} (name:{self.hostname}) (domain:{self.domain}) ({signing}) ({cbt_status}) {ntlm}")
 
     def kerberos_login(self, domain, username, password="", ntlm_hash="", aesKey="", kdcHost="", useCache=False):
-        self.username = username if not self.username else self.username  # With ccache we get the username from the ticket
+        self.username = username if not self.username else self.username    # With ccache we get the username from the ticket
         self.password = password
         self.domain = domain
         self.kdcHost = kdcHost
@@ -870,12 +875,27 @@ def resolve_and_display_hostname(name, domain_name=None):
                 trust_direction = int(trust["trustDirection"])
                 trust_type = int(trust["trustType"])
                 trust_attributes = int(trust["trustAttributes"])
-
+                
                 # See: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/e9a2d23c-c31e-4a6f-88a0-6646fdb51a3c
-                trust_attribute_flags = {0x1: "Non-Transitive", 0x2: "Uplevel-Only", 0x4: "Quarantined Domain", 0x8: "Forest Transitive", 0x10: "Cross Organization", 0x20: "Within Forest", 0x40: "Treat as External", 0x80: "Uses RC4 Encryption", 0x200: "Cross Organization No TGT Delegation", 0x800: "Cross Organization Enable TGT Delegation", 0x2000: "PAM Trust"}
+                trust_attribute_flags = {
+                    0x1:    "Non-Transitive",
+                    0x2:    "Uplevel-Only",
+                    0x4:    "Quarantined Domain",
+                    0x8:    "Forest Transitive",
+                    0x10:   "Cross Organization",
+                    0x20:   "Within Forest",
+                    0x40:   "Treat as External",
+                    0x80:   "Uses RC4 Encryption",
+                    0x200:  "Cross Organization No TGT Delegation",
+                    0x800:  "Cross Organization Enable TGT Delegation",
+                    0x2000: "PAM Trust"
+                }
 
                 # For check if multiple posibble flags, like Uplevel-Only, Treat as External
-                trust_attributes_text = ", ".join(text for flag, text in trust_attribute_flags.items() if trust_attributes & flag) or "Other"  # If Trust attrs not known
+                trust_attributes_text = ", ".join(
+                    text for flag, text in trust_attribute_flags.items()
+                    if trust_attributes & flag
+                ) or "Other"  # If Trust attrs not known
 
                 # Convert trust direction/type to human-readable format
                 direction_text = {
@@ -1091,7 +1111,10 @@ def printTable(items, header):
                 self.logger.highlight(outputFormat.format(*row))
 
         # Building the search filter
-        search_filter = f"(&(|(UserAccountControl:1.2.840.113556.1.4.803:={UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION})(UserAccountControl:1.2.840.113556.1.4.803:={UF_TRUSTED_FOR_DELEGATION})(msDS-AllowedToDelegateTo=*)(msDS-AllowedToActOnBehalfOfOtherIdentity=*))(!(UserAccountControl:1.2.840.113556.1.4.803:={UF_ACCOUNTDISABLE})))"
+        search_filter = (f"(&(|(UserAccountControl:1.2.840.113556.1.4.803:={UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION})"
+                         f"(UserAccountControl:1.2.840.113556.1.4.803:={UF_TRUSTED_FOR_DELEGATION})"
+                         "(msDS-AllowedToDelegateTo=*)(msDS-AllowedToActOnBehalfOfOtherIdentity=*))"
+                         f"(!(UserAccountControl:1.2.840.113556.1.4.803:={UF_ACCOUNTDISABLE})))")
         # f"(!(UserAccountControl:1.2.840.113556.1.4.803:={UF_SERVER_TRUST_ACCOUNT})))")  This would filter out RBCD to DCs
 
         attributes = ["sAMAccountName", "pwdLastSet", "userAccountControl", "objectCategory", "msDS-AllowedToActOnBehalfOfOtherIdentity", "msDS-AllowedToDelegateTo"]
