From 5a9af9803c07200bb07113d77ed200d143d4bc51 Mon Sep 17 00:00:00 2001 From: Roman Karwacik Date: Thu, 12 Sep 2024 10:44:32 +0200 Subject: [PATCH] Add clear_keycredentiallinks to ldap_shell --- impacket/examples/ldap_shell.py | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/impacket/examples/ldap_shell.py b/impacket/examples/ldap_shell.py index 8acf7960fc..c9b67e3376 100755 --- a/impacket/examples/ldap_shell.py +++ b/impacket/examples/ldap_shell.py @@ -357,6 +357,27 @@ def do_clear_rbcd(self, computer_name): else: raise Exception('The server returned an error: %s', self.client.result['message']) + def do_clear_keycredentiallinks(self, computer_name): + success = self.client.search(self.domain_dumper.root, '(sAMAccountName=%s)' % escape_filter_chars(computer_name), attributes=['objectSid', 'msDS-KeyCredentialLink']) + if success is False or len(self.client.entries) != 1: + raise Exception("Error expected only one search result got %d results", len(self.client.entries)) + + target = self.client.entries[0] + target_sid = target["objectsid"].value + print("Found Target DN: %s" % target.entry_dn) + print("Target SID: %s\n" % target_sid) + + self.client.modify(target.entry_dn, {'msDS-KeyCredentialLink':[ldap3.MODIFY_REPLACE, []]}) + if self.client.result['result'] == 0: + print('KeyCredentialLinks cleared successfully!') + else: + if self.client.result['result'] == 50: + raise Exception('Could not modify object, the server reports insufficient rights: %s', self.client.result['message']) + elif self.client.result['result'] == 19: + raise Exception('Could not modify object, the server reports a constrained violation: %s', self.client.result['message']) + else: + raise Exception('The server returned an error: %s', self.client.result['message']) + def do_dump(self, line): print('Dumping domain info...') self.stdout.flush() @@ -667,6 +688,7 @@ def do_help(self, line): add_user_to_group user group - Adds a user to a group. change_password user [password] - Attempt to change a given user's password. Requires LDAPS. clear_rbcd target - Clear the resource based constrained delegation configuration information. + clear_keycredentiallinks target - Clear the keycredentiallink information. disable_account user - Disable the user's account. enable_account user - Enable the user's account. dump - Dumps the domain.