Comments (15)
Hey @rkornmeyer,
can you please post more details? To help you, I will need:
- The version of impacket installed: you say you have the latest version, do you mean the latest release (v0.9.15) or did you clone the repository (v0.9.16-dev)?
- The command line you typed that generated this error;
- The output of the same command ran from PowerView;
- The version of Windows you're running pywerview against;
Thanks!
Y
from pywerview.
edited the original issue with more information.
from pywerview.
Hi @rkornmeyer,
this is weird, it seems to be in a call made in the impacket library to the pyasn1 library. Can you tell me what version of pyasn1 you have installed?
from pywerview.
pyasn1 0.1.9 - I can confirm, that at least another one of my colleagues has the same issue. It is intermittent between users. The same error also happens if you're using get-netgroupmembers and it pulls a user with the offending data ( which i think at this point is one of the time/date variables.) It could be possible these users are in different time zones, ahead or behind the current time.
from pywerview.
Hmm, I don't think it's a problem with the time stamps or dates, cause no interpretation is made of them (there is no check to see the time zone, or if they're behind or ahead of the current time/date). At this point, I'm more inclined to think that it's a compatibility problem with your pywerview/impacket/pyasn1 versions. Here's my version of pyasn1:
$ dpkg -l | grep pyasn1
ii python-pyasn1 0.1.7-1 all ASN.1 library for Python (Python 2 module)
ii python-pyasn1-modules 0.0.5-0.1 all Collection of protocols modules written in ASN.1 language
What Linux distro (and in what version) are you running?
from pywerview.
right! sorry, that might be completely true. pip does install pyasn1 0.1.9, so it might be worth noting that in requirements somewhere... even though impacket just installs 0.1.9... so the other thing i was thinking of and included the link to was :
https://github.com/the-useless-one/pywerview/blob/master/pywerview/objects/adobjects.py#L53
Traceback (most recent call last):
File "pywerview.py", line 24, in
main()
File "c:\pentest\pywerview-master\pywerview-master\pywerview\cli\main.py", lin
e 347, in main
results = args.func(*_parsed_args)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\cli\helpers.py",
line 46, in get_netuser
custom_filter=custom_filter)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\requester.py", li
ne 127, in wrapper
return f(_args, **kwargs)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\functions\net.py"
, line 69, in get_netuser
return self._ldap_search(user_search_filter, adobj.User)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\requester.py", li
ne 108, in _ldap_search
results.append(class_result(result['attributes']))
File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects
.py", line 90, in init
ADObject.init(self, attributes)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects
.py", line 26, in init
self.add_attributes(attributes)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects
.py", line 54, in add_attributes
value = datetime.fromtimestamp(timestamp)
ValueError: timestamp out of range for platform localtime()/gmtime() function
but I can start a new issue for that one.
from pywerview.
I installed pyasn1 with my package manager, so this might explain the difference in our versions. I'll keep this issue opened, until I have some time to perform more tests with different versions of pyasn1. Also, I'm noting that you're executing pywerview on Windows. Keep in mind that I developed pywerview to be an AD enumeration tool for Linux, so I didn't test its behavior at all on a Windows environment. So this is something I'll also have to test.
Regarding the error with the time stamp, I'd indeed rather you opened another issue. But as noted above, I don't know the behavior of pywerview on Windows.
Thanks!
from pywerview.
noted, that's just where I copied the logs from. It also did the same thing on Debian with the same impacket version and same pyasn1 version.
from pywerview.
My 2 cents,
With
$ pip list | grep impacket
impacket (0.9.16.dev0)
and
$ pip list | grep asn1
pyasn1 (0.1.9)
I don't have any trouble to use LDAP queries with Pywerview on Debian 8.6.
from pywerview.
Sorry for the delay @rkornmeyer, but as with @ThePirateWhoSmellsOfSunflowers, I was not able to reproduce the problem on Debian:
$ pip list | grep -E "impacket|pyasn1"
impacket (0.9.16-dev)
pyasn1 (0.1.9)
$ ./pywerview.py get-netuser -t 192.168.47.132 -w uselessdomain.local -u root -p password --username root
accountexpires: 0
admincount: 1
badpasswordtime: 2017-01-17 22:28:06
badpwdcount: 0
cn: root
codepage: 1252
countrycode: 1
distinguishedname: CN=root,CN=Users,DC=uselessdomain,DC=local
dscorepropagationdata: 2016-06-18 14:10:23,
2016-06-18 13:41:35,
1601-01-01 00:04:16
homedirectory:
instancetype: 4
isgroup: False
lastlogoff: 1601-01-01 00:09:21
lastlogon: 2017-01-17 22:30:00
lastlogontimestamp: 131291604309379200
logoncount: 345
logonhours: [255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]
memberof: CN=NestedGroup,OU=SecondOU,OU=TestOU,DC=uselessdomain,DC=local,
CN=Domain Admins,CN=Users,DC=uselessdomain,DC=local,
CN=Enterprise Admins,CN=Users,DC=uselessdomain,DC=local,
CN=Schema Admins,CN=Users,DC=uselessdomain,DC=local,
CN=Users,CN=Builtin,DC=uselessdomain,DC=local,
CN=Administrators,CN=Builtin,DC=uselessdomain,DC=local
name: root
objectcategory: CN=Person,CN=Schema,CN=Configuration,DC=uselessdomain,DC=local
objectclass: top,
person,
organizationalPerson,
user
objectguid: 09c10301-18d9-4ebd-8c57-fe8aeb49bc2e
objectsid: S-1-5-21-2193705973-3019999467-1313540997-1001
primarygroupid: 513
profilepath:
pwdlastset: 2017-01-17 22:00:45
samaccountname: root
samaccounttype: 805306368
scriptpath: \\Uselessdc1\sysvol\uselessdomain.local\scripts\login.bat
useraccountcontrol: 512
usnchanged: 49240
usncreated: 8198
whenchanged: 2017-01-17 21:00:45
whencreated: 2016-06-18 13:40:31
You're talking about "users with offending data". Can you post such a user, so that I can try to recreate the problem locally?
Thanks! Cheers,
Y
from pywerview.
@the-useless-one bump. Seems to be happening to me as well when running get-netlocalgroup
:
#~ pywerview get-netlocalgroup --computername 192.168.10.21 -t 192.168.10.11 -u user -p pass --group Administrators
Traceback (most recent call last):
File "/home/byt3bl33d3r/.virtualenvs/CME/bin/pywerview", line 11, in <module>
load_entry_point('pywerview==0.2.0', 'console_scripts', 'pywerview')()
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/cli/main.py", line 449, in main
results = args.func(**parsed_args)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/cli/helpers.py", line 166, in get_netlocalgroup
list_groups=list_groups, recurse=recurse)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
return f(*args, **kwargs)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 216, in wrapper
return f(*args, **kwargs)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/functions/net.py", line 590, in get_netlocalgroup
ad_object = self.get_adobject(queried_sid=member_sid)[0]
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
return f(*args, **kwargs)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/functions/net.py", line 46, in get_adobject
return self._ldap_search(object_filter, adobj.ADObject)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 96, in _ldap_search
size=1000)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 582, in __init__
self['controlType'] = CONTROL_PAGEDRESULTS
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pyasn1/type/univ.py", line 1945, in __setitem__
self.setComponentByName(idx, value)
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pyasn1/type/univ.py", line 2037, in setComponentByName
self._componentType.getPositionByName(name), value, verifyConstraints, matchTags, matchConstraints
File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'
This only seems to be happening when I specify a domain controller, If I don't it works fine (so seems to be a problem with the LDAP connection to the DC):
#~ pywerview get-netlocalgroup --computername 192.168.10.21 -u user -p pass --group Administrators
isdomain: False
isgroup: False
lastlogin:
name: WIN7/Administrator
server: 192.168.10.21
sid: S-1-5-21-1124277571-3903610354-1476945526-500
isdomain: True
isgroup: False
lastlogin:
name:
server: 192.168.10.21
sid: S-1-5-21-1049426096-2728124650-4150323340-512
isdomain: True
isgroup: False
lastlogin:
name:
server: 192.168.10.21
sid: S-1-5-21-1049426096-2728124650-4150323340-1108
On a side note, it would be awesome if there was a get-netlocalusers
command as well ;)
Thanks!
from pywerview.
@byt3bl33d3r, when you specify a domain controller in the get-netlocalgroup
command, it tries to resolve non-local SIDs, so that it can list domain users that are member of local groups.
Could you try issuing the following commands?
#~ pywerview get-adobject -t 192.168.10.11 -u user -p pass --group Administrators --sid S-1-5-21-1049426096-2728124650-4150323340-512
#~ pywerview get-adobject -t 192.168.10.11 -u user -p pass --group Administrators --sid S-1-5-21-1049426096-2728124650-4150323340-1108
Could you also list your installed versions of:
- pywerview
- impacket
- pyasn1
Thanks a lot! Cheers,
Y
from pywerview.
Output of pip freeze:
appdirs==1.4.3
asn1crypto==0.22.0
beautifulsoup4==4.5.3
bs4==0.0.1
cffi==1.10.0
cryptography==1.8.1
enum34==1.1.6
idna==2.5
impacket==0.9.16.dev0
ipaddress==1.0.18
packaging==16.8
pyasn1==0.2.3
pycparser==2.17
pycrypto==2.6.1
pyOpenSSL==16.2.0
pyparsing==2.2.0
pywerview==0.2.0
six==1.10.0
Running those commands gave the same error:
Traceback (most recent call last):
File "/home/byt3bl33d3r/.virtualenvs/pywerview/bin/pywerview", line 11, in <module>
load_entry_point('pywerview==0.2.0', 'console_scripts', 'pywerview')()
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/cli/main.py", line 449, in main
results = args.func(**parsed_args)
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/cli/helpers.py", line 35, in get_adobject
ads_path=ads_path, custom_filter=custom_filter)
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
return f(*args, **kwargs)
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/functions/net.py", line 46, in get_adobject
return self._ldap_search(object_filter, adobj.ADObject)
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/requester.py", line 96, in _ldap_search
size=1000)
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 582, in __init__
self['controlType'] = CONTROL_PAGEDRESULTS
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pyasn1/type/univ.py", line 1945, in __setitem__
self.setComponentByName(idx, value)
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pyasn1/type/univ.py", line 2037, in setComponentByName
self._componentType.getPositionByName(name), value, verifyConstraints, matchTags, matchConstraints
File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'
Also I've now noticed that this error happens on every cmdlet that supports the -t
flag
Let me know if you need more info.
Cheers
from pywerview.
Ok, the problem seems to come from your version of pyasn1. If I install pyasn1v0.2.3, I get the same error as you (TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'
).
However, with pyasn1v0.1.9, there doesn't seem to be any problem. I'll have to ask @asolino, because pyasn1 is an impacket dependency, not a pywerview one.
I'll leave this issue open until I can clear things out with @asolino. Thanks!
PS: if you don't need the latest version of pyasn1, you can downgrade to 0.1.9 with this command:
$ sudo pip install "pyasn1==0.1.9"
from pywerview.
The changes were made in impacket, and it should now resolve your issue. Make sure to use impacketv0.9.16-dev from the GitHub repository, and not from PyPI. I'm closing this, feel free to reopen it if you still have problem.
Cheers,
Y
from pywerview.
Related Issues (20)
- UnicodeDecodeError in invoke-userhunter (develop branch) HOT 2
- Get-NetGroupMember does not work against "Domain Users" group HOT 5
- Any chance of adding kerberos auth? HOT 4
- LDAPSearchError HOT 3
- Return JSON objects HOT 2
- TypeError: 'NoneType' object is not iterable HOT 1
- port to Python 3 HOT 7
- Kali 2020 compatibility HOT 5
- Invoke-ACLScanner port HOT 3
- pycrypto module requirement HOT 7
- get-objectacl HOT 1
- Get-netcomputer didn't return all the computers HOT 4
- AttributeError: 'int' object has no attribute 'hex' HOT 2
- Enumerate the state of TGT delegation HOT 3
- Filter "get-netgroup" for RIDs 1000 or higher and output related information based on that HOT 1
- TypeError: unhashable type: 'list' HOT 3
- TypeError: __init__() takes 13 positional arguments but 14 were given HOT 4
- pywerview_main_logger.LDAPRPCRequester - _do_ntlm_auth : Invalid Credentials HOT 3
- get-adserviceaccount command doesn't exist (get-netgmsa is what enumerates gMSA accounts) HOT 1
- "AttributeError: install_layout"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pywerview.