Merge pull request #59 from SAERXCIT/dumpadcs-fixaceflag

fortra#1318 [ntlmrelayx] Dump ADCS: bug fixes
ThePorgs · Jun 3, 2024 · 7fed0fc · 7fed0fc
2 parents f4c6948 + cc42f5d
commit 7fed0fc
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/impacket/examples/ntlmrelayx/attacks/ldapattack.py b/impacket/examples/ntlmrelayx/attacks/ldapattack.py
@@ -677,10 +677,12 @@ def get_enrollment_principals(entry):
 
             for ace in (a for a in sd["Dacl"]["Data"] if a["AceType"] == ldaptypes.ACCESS_ALLOWED_OBJECT_ACE.ACE_TYPE):
                 sid = format_sid(ace["Ace"]["Sid"].getData())
-                if ace["Ace"]["ObjectTypeLen"] == 0:
+                if ace["Ace"]["Flags"] == 2:
                     uuid = bin_to_string(ace["Ace"]["InheritedObjectType"]).lower()
-                else:
+                elif ace["Ace"]["Flags"] == 1:
                     uuid = bin_to_string(ace["Ace"]["ObjectType"]).lower()
+                else:
+                    continue
 
                 if not uuid in enrollment_uuids:
                     continue
@@ -711,7 +713,7 @@ def translate_sids(sids):
                     sid_map[sid] = sid
                     continue
 
-                if not len(self.client.response):
+                if not len(self.client.entries):
                     sid_map[sid] = sid
                 else:
                     sid_map[sid] = domain_fqdn + "\\" + self.client.response[0]["attributes"]["name"]