本文整理汇总了Python中ldap3.NTLM属性的典型用法代码示例。如果您正苦于以下问题:Python ldap3.NTLM属性的具体用法?Python ldap3.NTLM怎么用?Python ldap3.NTLM使用的例子?那么恭喜您,这里精选的属性代码示例或许可以为您提供帮助。您也可以进一步了解该属性所在类ldap3的用法示例。
在下文中一共展示了ldap3.NTLM属性的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: sendNegotiate
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def sendNegotiate(self, negotiateMessage):
    """Pass an NTLM negotiate message to the LDAP server through Sicily binds.

    Stores ``negotiateMessage`` on the instance, calls ``init_connection()``,
    asks the server which Sicily packages it supports and, when ``NTLM`` is
    listed, sends the ``SICILY_NEGOTIATE_NTLM`` bind request.

    Returns:
        ``server_creds`` from the negotiate response when its result code
        equals ``RESULT_SUCCESS``. ``None`` in every other case: a bind is
        already in progress, NTLM is not offered, or the result is not
        success.
    """
    self.negotiateMessage = negotiateMessage
    self.init_connection()

    def _exchange(bind_request):
        # One bindRequest round trip; only the first response element is used.
        sent = self.connection.send('bindRequest', bind_request, None)
        return self.connection.post_send_single_response(sent)[0]

    with self.connection.lock:
        if self.connection.sasl_in_progress:
            return None
        self.connection.sasl_in_progress = True

        discovery = _exchange(bind.bind_operation(self.connection.version, 'SICILY_PACKAGE_DISCOVERY'))
        # NOTE(review): a discovery reply without 'server_creds' raises an
        # unhandled KeyError here, and every failure path below returns None
        # silently, so callers must check the return value.
        offered = discovery['server_creds'].decode('ascii').split(';')
        if 'NTLM' not in offered:
            return None

        negotiated = _exchange(bind.bind_operation(self.connection.version, 'SICILY_NEGOTIATE_NTLM', self))
        if negotiated['result'] == RESULT_SUCCESS:
            return negotiated['server_creds']
    return None
#This is a fake function for ldap3 which wants an NTLM client with specific methods
示例2: perform_rebind
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def perform_rebind(ldapconnection, contextuser, config, confdict):
    """Re-bind the LDAP connection, switching to ``config.user`` when it differs.

    When ``config.user`` is set and is not the current ``contextuser``, the
    connection is re-bound as ``config.user`` (prompting for a secret if
    ``config.password`` is empty). Otherwise the current user is re-bound with
    ``config.password`` or ``config.source_password``.

    Args:
        ldapconnection: connection object handed to ``rebind_ldap``.
        contextuser: account the connection is currently bound as.
        config: object providing ``user``, ``password``, ``source_password``
            and ``domain``.
        confdict: not used by this function.

    Returns:
        The account the connection is bound as after the call.
    """
    switching = config.user is not None and contextuser != config.user

    if not switching:
        # Same identity: re-bind only to refresh access rights.
        print_m('Re-binding to LDAP to refresh group memberships of %s' % contextuser)
        # Which stored secret applies depends on the identity in use.
        secret = config.password if contextuser == config.user else config.source_password
        rebind_ldap(ldapconnection, contextuser, secret, config.domain)
        print_o('Re-bind successful')
        return contextuser

    print_m('Switching context to %s' % config.user)
    if not config.password:
        prompt = 'Please supply the password or LM:NTLM hashes for the account %s: ' % config.user
        # NOTE(review): getpass receives a bytes prompt, which looks like
        # Python 2 usage - confirm the target interpreter.
        # The entered secret is kept on the config object for later re-binds.
        config.password = getpass.getpass(prompt.encode('utf-8'))
    rebind_ldap(ldapconnection, config.user, config.password, config.domain)
    new_context = config.user
    print_o('Done switching context')
    return new_context
示例3: rebind_ldap
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def rebind_ldap(self, user):
    """Re-bind ``self.ldapconnection`` as ``user`` using NTLM authentication.

    The secret comes from ``self.passdata``; if the account has no entry the
    operator is prompted and the answer is cached in ``self.passdata``, so it
    stays in process memory for as long as that mapping lives.

    Args:
        user: account name; names containing ``@`` or ``.`` are converted
            with ``get_sam_name`` before binding.

    Returns:
        ``user`` unchanged.

    Raises:
        RestoreException: when ``rebind`` reports failure.
    """
    domain = self.config['domain']

    # Todo: get password from command line args
    try:
        password = self.passdata[user]
    except KeyError:
        prompt = 'Please supply the password or LM:NTLM hashes for the account %s: ' % user
        password = getpass.getpass(prompt.encode('utf-8'))
        # Keep it so that later binds for the same account do not prompt again.
        self.passdata[user] = password

    if domain is None:
        domain = get_domain(user)
    binduser = get_sam_name(user) if ('@' in user or '.' in user) else user

    rebound = self.ldapconnection.rebind('%s\\%s' % (domain, binduser), password, authentication=ldap3.NTLM)
    if not rebound:
        raise RestoreException('Failed to switch context to %s\\%s: %s' % (domain, binduser, str(self.ldapconnection.result)))
    return user
示例4: sendAuth
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
    """Send the NTLM authenticate message to the LDAP server as a Sicily bind.

    Args:
        authenticateMessageBlob: the authenticate message, either raw or
            wrapped in an SPNEGO NegTokenResp.
        serverChallenge: accepted but not used in this function.

    Returns:
        ``(None, STATUS_SUCCESS)`` when the bind result is ``RESULT_SUCCESS``,
        otherwise ``(None, STATUS_ACCESS_DENIED)``.

    Raises:
        LDAPRelayClientException: when the server answers
            ``RESULT_STRONGER_AUTH_REQUIRED`` and ``PLUGIN_NAME`` is not
            ``'LDAPS'``. According to the message below, this is the server
            enforcing LDAP signing.
    """
    # NOTE(review): the listing on this page lost its indentation; the nesting
    # below is reconstructed - confirm against the upstream file.
    # The first byte decides whether the blob is SPNEGO-wrapped.
    # NOTE(review): slicing str(...) before unpack looks like Python 2 byte
    # handling - confirm the target interpreter.
    if unpack('B', str(authenticateMessageBlob)[:1])[0] == SPNEGO_NegTokenResp.SPNEGO_NEG_TOKEN_RESP:
        respToken2 = SPNEGO_NegTokenResp(authenticateMessageBlob)
        token = respToken2['ResponseToken']
    else:
        token = authenticateMessageBlob
    with self.session.connection_lock:
        # Stored on self because `self` is passed to bind_operation below.
        self.authenticateMessageBlob = token
        request = bind.bind_operation(self.session.version, 'SICILY_RESPONSE_NTLM', self, None)
        response = self.session.post_send_single_response(self.session.send('bindRequest', request, None))
        result = response[0]
    self.session.sasl_in_progress = False
    if result['result'] == RESULT_SUCCESS:
        self.session.bound = True
        self.session.refresh_server_info()
        return None, STATUS_SUCCESS
    else:
        # A signing requirement is reported as an error, not as a plain denial.
        if result['result'] == RESULT_STRONGER_AUTH_REQUIRED and self.PLUGIN_NAME != 'LDAPS':
            raise LDAPRelayClientException('Server rejected authentication because LDAP signing is enabled. Try connecting with TLS enabled (specify target as ldaps://hostname )')
    return None, STATUS_ACCESS_DENIED
#This is a fake function for ldap3 which wants an NTLM client with specific methods
示例5: doLdapLogin
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
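def doLdapLogin(username, password):
    """Authenticate a user against LDAP with NTLM and derive session rights.

    ``username`` must consist of a domain and an account name separated by a
    single backslash. After a successful bind the account's ``memberOf``
    values are compared with ``LdapAdminGroup`` and ``LdapReadOnlyGroup``,
    and the result is written to ``session['logged_in']`` and
    ``session['write_access']``.

    Args:
        username: domain-qualified account name supplied by the caller.
        password: secret for that account.

    Returns:
        True when the account is in the admin or the read-only group. False
        when LDAP is not configured, ldap3 is missing, the input is malformed
        or the account has no matching group.
    """
    if not LdapServer:
        return False
    try:
        from ldap3 import Server, Connection, ALL, NTLM
        from ldap3.utils.conv import escape_filter_chars
    except ImportError as importException:
        LogError("LDAP3 import not found, run 'sudo pip install ldap3 && sudo pip3 install ldap3'")
        LogError(importException)
        return False

    # Reject missing credentials before anything reaches the directory; an
    # empty password must never be treated as a valid login attempt.
    if not username or not password:
        return False

    # The original indexed SplitName[1] unconditionally, which raised
    # IndexError for a name without a backslash.
    name_parts = username.split('\\')
    if len(name_parts) != 2:
        return False
    DomainName = name_parts[0].strip()
    AccountName = name_parts[1].strip()
    if not DomainName or not AccountName:
        return False

    HasAdmin = False
    HasReadOnly = False

    server = Server(LdapServer, get_info=ALL)
    conn = Connection(server, user='{}\\{}'.format(DomainName, AccountName), password=password, authentication=NTLM, auto_bind=True)
    try:
        # The account name is caller-controlled: escape it so characters such
        # as '*', '(' and ')' cannot alter the search filter (LDAP injection).
        search_filter = '(&(objectclass=user)(sAMAccountName=' + escape_filter_chars(AccountName) + '))'
        conn.search('dc=skipfire,dc=local', search_filter, attributes=['memberOf'])
        for user in sorted(conn.entries):
            for group in user.memberOf:
                # NOTE(review): this is a substring match on the group DN, so
                # a group whose name merely starts with the configured name
                # also matches. Consider comparing the full first RDN.
                if group.upper().find("CN="+LdapAdminGroup.upper()) >= 0:
                    HasAdmin = True
                elif group.upper().find("CN="+LdapReadOnlyGroup.upper()) >= 0:
                    HasReadOnly = True
    finally:
        # Release the bound connection even when the search fails.
        conn.unbind()

    session['logged_in'] = HasAdmin or HasReadOnly
    session['write_access'] = HasAdmin
    if HasAdmin:
        LogError("Admin Login via LDAP")
    elif HasReadOnly:
        LogError("Limited Rights Login via LDAP")
    else:
        LogError("No rights for valid login via LDAP")
    return HasAdmin or HasReadOnly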
#-------------------------------------------------------------------------------
示例6: init_connection
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def init_connection(self):
    """Create the ldap3 server and connection objects for ``self.target``.

    The connection is built with placeholder credentials (``"a"`` / ``"b"``);
    they are not real secrets. No bind is performed here, the connection is
    only opened.
    """
    ldap_server = Server(self.target, get_info=ALL)
    self.server = ldap_server
    ntlm_connection = Connection(ldap_server, user="a", password="b", authentication=NTLM)
    self.connection = ntlm_connection
    # The positional False is handed to open() unchanged.
    ntlm_connection.open(False)
示例7: sendAuth
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def sendAuth(self, authenticateMessageBlob, serverChallenge=None):
    """Send the NTLM authenticate message to the LDAP server as a Sicily bind.

    Args:
        authenticateMessageBlob: authenticate message, stored on the instance
            before the bind request is built.
        serverChallenge: accepted but not used in this function.

    Returns:
        The first element of the server's bind response. The connection is
        marked as bound only when its result code equals ``RESULT_SUCCESS``,
        so callers must inspect the returned result themselves.
    """
    # NOTE(review): the listing on this page lost its indentation; the nesting
    # below (in particular the final return) is reconstructed - confirm
    # against the upstream file.
    with self.connection.lock:
        # Stored on self because `self` is passed to bind_operation below.
        self.authenticateMessageBlob = authenticateMessageBlob
        request = bind.bind_operation(self.connection.version, 'SICILY_RESPONSE_NTLM', self, None)
        response = self.connection.post_send_single_response(self.connection.send('bindRequest', request, None))
        result = response[0]
    # Cleared whether or not the bind succeeded.
    self.connection.sasl_in_progress = False
    if result['result'] == RESULT_SUCCESS:
        self.connection.bound = True
        self.connection.refresh_server_info()
    return result
#This is a fake function for ldap3 which wants an NTLM client with specific methods
示例8: sendNegotiate
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def sendNegotiate(self, negotiateMessage):
    """Pass an NTLM negotiate message to the LDAP server through Sicily binds.

    Stores ``negotiateMessage`` on the instance, calls ``init_connection()``
    and runs package discovery followed by the NTLM negotiate bind.

    Returns:
        ``server_creds`` from the negotiate response when its result code
        equals ``RESULT_SUCCESS``. ``None`` when a bind is already in
        progress or the result code is anything else.

    Raises:
        LDAPRelayClientException: when the discovery reply has no
            ``server_creds`` or does not list ``NTLM``.
    """
    self.negotiateMessage = negotiateMessage
    self.init_connection()

    with self.connection.lock:
        if self.connection.sasl_in_progress:
            return None
        self.connection.sasl_in_progress = True

        discovery_request = bind.bind_operation(self.connection.version, 'SICILY_PACKAGE_DISCOVERY')
        result = self.connection.post_send_single_response(
            self.connection.send('bindRequest', discovery_request, None)
        )[0]
        try:
            sicily_packages = result['server_creds'].decode('ascii').split(';')
        except KeyError:
            raise LDAPRelayClientException('Could not discover authentication methods, server replied: %s' % result)

        # Stop early when the server does not advertise NTLM.
        if 'NTLM' not in sicily_packages:
            raise LDAPRelayClientException('Server did not offer NTLM authentication!')

        negotiate_request = bind.bind_operation(self.connection.version, 'SICILY_NEGOTIATE_NTLM', self)
        result = self.connection.post_send_single_response(
            self.connection.send('bindRequest', negotiate_request, None)
        )[0]
        if result['result'] == RESULT_SUCCESS:
            return result['server_creds']
    return None
#This is a fake function for ldap3 which wants an NTLM client with specific methods
示例9: rebind_ldap
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def rebind_ldap(ldapconnection, user, password, domain=None):
    """Re-bind ``ldapconnection`` as ``user`` using NTLM authentication.

    Args:
        ldapconnection: connection object exposing ``rebind`` and ``result``.
        user: account name; a name containing ``@`` is converted with
            ``get_sam_name`` before binding.
        password: secret handed to ``rebind`` unchanged.
        domain: domain for the bind name; derived with ``get_domain(user)``
            when None.

    Raises:
        ExploitException: when ``rebind`` reports failure. The message
            includes the connection's ``result``.
    """
    # The domain is derived from the name as passed in, before any conversion.
    domain = get_domain(user) if domain is None else domain
    if '@' in user:
        user = get_sam_name(user)

    rebound = ldapconnection.rebind('%s\\%s' % (domain, user), password, authentication=ldap3.NTLM)
    if rebound:
        return
    raise ExploitException('Failed to switch context to %s\\%s: %s' % (domain, user, str(ldapconnection.result)))
示例10: connect_ldap
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def connect_ldap(server, user, password, domain=None):
    """Open an NTLM-authenticated ldap3 connection to ``server``.

    Args:
        server: host handed to ``ldap3.Server``.
        user: account name; names containing ``@`` or ``.`` are converted
            with ``get_sam_name`` before binding.
        password: secret handed to ``ldap3.Connection`` unchanged.
        domain: domain for the bind name; derived with ``get_domain(user)``
            when None.

    Returns:
        The bound ``ldap3.Connection``.

    Raises:
        ExploitException: when ``bind()`` reports failure.
    """
    # The domain is derived from the name as passed in, before any conversion.
    domain = get_domain(user) if domain is None else domain
    if '@' in user or '.' in user:
        user = get_sam_name(user)

    # NOTE(review): no TLS option is passed here; whether the session is
    # encrypted depends on how `server` is specified - confirm with callers.
    connection = ldap3.Connection(
        ldap3.Server(server, get_info=ldap3.DSA),
        user='%s\\%s' % (domain, user),
        password=password,
        authentication=ldap3.NTLM,
    )
    if connection.bind():
        return connection
    raise ExploitException('Failed to connect to the LDAP server as %s\\%s: %s' % (domain, user, str(connection.result)))
示例11: establish_connection
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def establish_connection(self, user):
    """Bind to the LDAP server as ``user`` with NTLM and return the connection.

    Server selection order: ``self.args.server``, then
    ``self.config['server']``, then ``self.config['domain']`` (which relies
    on DNS resolving the domain name). The secret comes from
    ``self.passdata``; a missing entry triggers a prompt and the answer is
    cached there, so it stays in process memory.

    Args:
        user: account name; names containing ``@`` or ``.`` are converted
            with ``get_sam_name`` before binding.

    Returns:
        Tuple ``(connection, user)``.

    Raises:
        RestoreException: when ``bind()`` reports failure.
    """
    domain = self.config['domain']
    # Explicit argument first, then the restore data, then the domain name.
    server = self.args.server or self.config['server'] or self.config['domain']

    # Todo: get password from command line args
    try:
        password = self.passdata[user]
    except KeyError:
        prompt = 'Please supply the password or LM:NTLM hashes for the account %s: ' % user
        password = getpass.getpass(prompt.encode('utf-8'))
        # Keep it so that later binds for the same account do not prompt again.
        self.passdata[user] = password

    if domain is None:
        domain = get_domain(user)
    binduser = get_sam_name(user) if ('@' in user or '.' in user) else user

    connection = ldap3.Connection(
        ldap3.Server(server, get_info=ldap3.DSA),
        user='%s\\%s' % (domain, binduser),
        password=password,
        authentication=ldap3.NTLM,
    )
    if not connection.bind():
        raise RestoreException('Failed to connect to the LDAP server as %s\\%s: %s' % (domain, binduser, str(connection.result)))
    return connection, user
示例12: initConnection
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def initConnection(self):
    """Create the ldap3 server and session objects for the configured target.

    The URL scheme is fixed to ``ldap://``, built from ``self.targetHost``
    and ``self.targetPort``. The session uses placeholder credentials
    (``"a"`` / ``"b"``); they are not real secrets. No bind is performed
    here, the session is only opened.

    Returns:
        True, unconditionally.
    """
    target_url = "ldap://%s:%s" % (self.targetHost, self.targetPort)
    ldap_server = Server(target_url, get_info=ALL)
    self.server = ldap_server
    ntlm_session = Connection(ldap_server, user="a", password="b", authentication=NTLM)
    self.session = ntlm_session
    # The positional False is handed to open() unchanged.
    ntlm_session.open(False)
    return True
示例13: sendNegotiate
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def sendNegotiate(self, negotiateMessage):
    """Pass an NTLM negotiate message to the LDAP server through Sicily binds.

    The incoming message is parsed into ``NTLMAuthNegotiate`` and serialised
    again with ``str()`` before being stored on the instance. Package
    discovery and the NTLM negotiate bind follow.

    Returns:
        An ``NTLMAuthChallenge`` parsed from the server's ``server_creds``
        when the negotiate result equals ``RESULT_SUCCESS``. ``None`` when a
        bind is already in progress or the result code is anything else.

    Raises:
        LDAPRelayClientException: when the discovery reply has no
            ``server_creds`` or does not list ``NTLM``.
    """
    # NOTE(review): the listing on this page lost its indentation; the nesting
    # below is reconstructed - confirm against the upstream file.
    #Remove the message signing flag
    #For LDAP this is required otherwise it triggers LDAP signing
    negoMessage = NTLMAuthNegotiate()
    negoMessage.fromString(negotiateMessage)
    # The flag change below is commented out, so the flags are forwarded as
    # received; the two comments above describe behaviour that is disabled.
    #negoMessage['flags'] ^= NTLMSSP_NEGOTIATE_SIGN
    # NOTE(review): str() as the serialiser looks like Python 2 usage - confirm.
    self.negotiateMessage = str(negoMessage)
    with self.session.connection_lock:
        if not self.session.sasl_in_progress:
            self.session.sasl_in_progress = True
            request = bind.bind_operation(self.session.version, 'SICILY_PACKAGE_DISCOVERY')
            response = self.session.post_send_single_response(self.session.send('bindRequest', request, None))
            result = response[0]
            try:
                sicily_packages = result['server_creds'].decode('ascii').split(';')
            except KeyError:
                raise LDAPRelayClientException('Could not discover authentication methods, server replied: %s' % result)
            if 'NTLM' in sicily_packages: # NTLM available on server
                request = bind.bind_operation(self.session.version, 'SICILY_NEGOTIATE_NTLM', self)
                response = self.session.post_send_single_response(self.session.send('bindRequest', request, None))
                result = response[0]
                if result['result'] == RESULT_SUCCESS:
                    challenge = NTLMAuthChallenge()
                    challenge.fromString(result['server_creds'])
                    return challenge
            else:
                raise LDAPRelayClientException('Server did not offer NTLM authentication!')
#This is a fake function for ldap3 which wants an NTLM client with specific methods
示例14: establish_connection
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def establish_connection(self, user):
    """Bind to the LDAP server as ``user`` with NTLM and return the connection.

    The server is ``self.config['server']`` when set, otherwise
    ``self.config['domain']``. The secret is taken from ``self.ntlm`` and
    also recorded in ``self.passdata`` for the account. The interactive
    prompt and the ``self.args.server`` override are disabled in this
    variant.

    Args:
        user: account name; names containing ``@`` or ``.`` are converted
            with ``get_sam_name`` before binding.

    Returns:
        Tuple ``(connection, user)``.

    Raises:
        RestoreException: when ``bind()`` reports failure.
    """
    domain = self.config['domain']
    # Use the configured server if there is one, else fall back to the domain.
    server = self.config['server'] or self.config['domain']

    # The secret is held on the instance and copied into the per-account
    # cache, so it lives in process memory in two places.
    password = self.ntlm
    self.passdata[user] = password

    if domain is None:
        domain = get_domain(user)
    binduser = get_sam_name(user) if ('@' in user or '.' in user) else user

    connection = ldap3.Connection(
        ldap3.Server(server, get_info=ldap3.DSA),
        user='%s\\%s' % (domain, binduser),
        password=password,
        authentication=ldap3.NTLM,
    )
    if not connection.bind():
        raise RestoreException('Failed to connect to the LDAP server as %s\\%s: %s' % (domain, binduser, str(connection.result)))
    return connection, user
示例15: get_ldap_connection
# 需要导入模块: import ldap3 [as 别名]
# 或者: from ldap3 import NTLM [as 别名]
def get_ldap_connection(self):
    """Build an ldap3 ``Connection`` from the instance's LDAP settings.

    With ``LDAP_AUTH_TYPE == "NTLM"`` the connection uses ``LDAP_USER_NTLM``
    and the ``NTLM`` constant. Otherwise it uses ``LDAP_USER_DN`` and passes
    ``LDAP_AUTH_TYPE`` through as the authentication method. No
    ``auto_bind`` argument is given and ``bind()`` is not called here.

    Returns:
        The constructed ``Connection``.

    Raises:
        ValueError: wraps any exception raised while building the objects.
    """
    try:
        server = Server(
            self.LDAP_SERVER,
            port=self.LDAP_PORT,
            get_info=ALL,
            use_ssl=self.LDAP_USE_SSL,
            connect_timeout=self.LDAP_CONNECT_TIMEOUT,
        )
        # NOTE(review): with LDAP_USE_SSL false, a simple bind would carry
        # LDAP_PASSWORD unencrypted - confirm deployments enable it.
        use_ntlm = self.LDAP_AUTH_TYPE == "NTLM"
        bind_user = self.LDAP_USER_NTLM if use_ntlm else self.LDAP_USER_DN
        auth_method = NTLM if use_ntlm else self.LDAP_AUTH_TYPE
        return Connection(
            server=server,
            user=bind_user,
            password=self.LDAP_PASSWORD,
            authentication=auth_method,
            return_empty_attributes=True,
            raise_exceptions=True)
    except Exception as err:
        raise ValueError("Cannot connect to LDAP Server. Ensure credentials are correct\n Error: {0}".format(err))