ldapasn1 errors about pywerview HOT 15 CLOSED

Hey @rkornmeyer,

can you please post more details? To help you, I will need:

• The version of impacket installed: you say you have the latest version, do you mean the latest release (v0.9.15) or did you clone the repository (v0.9.16-dev)?
• The command line you typed that generated this error;
• The output of the same command ran from PowerView;
• The version of Windows you're running pywerview against;

Thanks!

Y

from pywerview.

edited the original issue with more information.

from pywerview.

Hi @rkornmeyer,

this is weird, it seems to be in a call made in the impacket library to the pyasn1 library. Can you tell me what version of pyasn1 you have installed?

from pywerview.

pyasn1 0.1.9 - I can confirm, that at least another one of my colleagues has the same issue. It is intermittent between users. The same error also happens if you're using get-netgroupmembers and it pulls a user with the offending data ( which i think at this point is one of the time/date variables.) It could be possible these users are in different time zones, ahead or behind the current time.

from pywerview.

Hmm, I don't think it's a problem with the time stamps or dates, cause no interpretation is made of them (there is no check to see the time zone, or if they're behind or ahead of the current time/date). At this point, I'm more inclined to think that it's a compatibility problem with your pywerview/impacket/pyasn1 versions. Here's my version of pyasn1:

$ dpkg -l | grep pyasn1
ii  python-pyasn1                         0.1.7-1                              all          ASN.1 library for Python (Python 2 module)
ii  python-pyasn1-modules                 0.0.5-0.1                            all          Collection of protocols modules written in ASN.1 language

What Linux distro (and in what version) are you running?

from pywerview.

right! sorry, that might be completely true. pip does install pyasn1 0.1.9, so it might be worth noting that in requirements somewhere... even though impacket just installs 0.1.9... so the other thing i was thinking of and included the link to was :

https://github.com/the-useless-one/pywerview/blob/master/pywerview/objects/adobjects.py#L53

Traceback (most recent call last):
File "pywerview.py", line 24, in
main()
File "c:\pentest\pywerview-master\pywerview-master\pywerview\cli\main.py", lin
e 347, in main
results = args.func(*_parsed_args)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\cli\helpers.py",
line 46, in get_netuser
custom_filter=custom_filter)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\requester.py", li
ne 127, in wrapper
return f(_args, **kwargs)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\functions\net.py"
, line 69, in get_netuser
return self._ldap_search(user_search_filter, adobj.User)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\requester.py", li
ne 108, in _ldap_search
results.append(class_result(result['attributes']))
File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects
.py", line 90, in init
ADObject.init(self, attributes)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects
.py", line 26, in init
self.add_attributes(attributes)
File "c:\pentest\pywerview-master\pywerview-master\pywerview\objects\adobjects
.py", line 54, in add_attributes
value = datetime.fromtimestamp(timestamp)
ValueError: timestamp out of range for platform localtime()/gmtime() function

but I can start a new issue for that one.

from pywerview.

I installed pyasn1 with my package manager, so this might explain the difference in our versions. I'll keep this issue opened, until I have some time to perform more tests with different versions of pyasn1. Also, I'm noting that you're executing pywerview on Windows. Keep in mind that I developed pywerview to be an AD enumeration tool for Linux, so I didn't test its behavior at all on a Windows environment. So this is something I'll also have to test.

Regarding the error with the time stamp, I'd indeed rather you opened another issue. But as noted above, I don't know the behavior of pywerview on Windows.

Thanks!

from pywerview.

noted, that's just where I copied the logs from. It also did the same thing on Debian with the same impacket version and same pyasn1 version.

from pywerview.

My 2 cents,
With

$ pip list | grep impacket
impacket (0.9.16.dev0)

and

$ pip list | grep asn1
pyasn1 (0.1.9)

I don't have any trouble to use LDAP queries with Pywerview on Debian 8.6.

from pywerview.

Sorry for the delay @rkornmeyer, but as with @ThePirateWhoSmellsOfSunflowers, I was not able to reproduce the problem on Debian:

$ pip list | grep -E "impacket|pyasn1"
impacket (0.9.16-dev)
pyasn1 (0.1.9)
$  ./pywerview.py  get-netuser -t 192.168.47.132 -w uselessdomain.local -u root -p password --username root
accountexpires:        0
admincount:            1
badpasswordtime:       2017-01-17 22:28:06
badpwdcount:           0
cn:                    root
codepage:              1252
countrycode:           1
distinguishedname:     CN=root,CN=Users,DC=uselessdomain,DC=local
dscorepropagationdata: 2016-06-18 14:10:23,
                       2016-06-18 13:41:35,
                       1601-01-01 00:04:16
homedirectory:         
instancetype:          4
isgroup:               False
lastlogoff:            1601-01-01 00:09:21
lastlogon:             2017-01-17 22:30:00
lastlogontimestamp:    131291604309379200
logoncount:            345
logonhours:            [255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255]
memberof:              CN=NestedGroup,OU=SecondOU,OU=TestOU,DC=uselessdomain,DC=local,
                       CN=Domain Admins,CN=Users,DC=uselessdomain,DC=local,
                       CN=Enterprise Admins,CN=Users,DC=uselessdomain,DC=local,
                       CN=Schema Admins,CN=Users,DC=uselessdomain,DC=local,
                       CN=Users,CN=Builtin,DC=uselessdomain,DC=local,
                       CN=Administrators,CN=Builtin,DC=uselessdomain,DC=local
name:                  root
objectcategory:        CN=Person,CN=Schema,CN=Configuration,DC=uselessdomain,DC=local
objectclass:           top,
                       person,
                       organizationalPerson,
                       user
objectguid:            09c10301-18d9-4ebd-8c57-fe8aeb49bc2e
objectsid:             S-1-5-21-2193705973-3019999467-1313540997-1001
primarygroupid:        513
profilepath:           
pwdlastset:            2017-01-17 22:00:45
samaccountname:        root
samaccounttype:        805306368
scriptpath:            \\Uselessdc1\sysvol\uselessdomain.local\scripts\login.bat
useraccountcontrol:    512
usnchanged:            49240
usncreated:            8198
whenchanged:           2017-01-17 21:00:45
whencreated:           2016-06-18 13:40:31

You're talking about "users with offending data". Can you post such a user, so that I can try to recreate the problem locally?

Thanks! Cheers,

Y

from pywerview.

@the-useless-one bump. Seems to be happening to me as well when running get-netlocalgroup:

#~ pywerview get-netlocalgroup --computername 192.168.10.21 -t 192.168.10.11 -u user -p pass --group Administrators
Traceback (most recent call last):
  File "/home/byt3bl33d3r/.virtualenvs/CME/bin/pywerview", line 11, in <module>
    load_entry_point('pywerview==0.2.0', 'console_scripts', 'pywerview')()
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/cli/main.py", line 449, in main
    results = args.func(**parsed_args)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/cli/helpers.py", line 166, in get_netlocalgroup
    list_groups=list_groups, recurse=recurse)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 216, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/functions/net.py", line 590, in get_netlocalgroup
    ad_object = self.get_adobject(queried_sid=member_sid)[0]
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/functions/net.py", line 46, in get_adobject
    return self._ldap_search(object_filter, adobj.ADObject)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pywerview/requester.py", line 96, in _ldap_search
    size=1000)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 582, in __init__
    self['controlType'] = CONTROL_PAGEDRESULTS
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pyasn1/type/univ.py", line 1945, in __setitem__
    self.setComponentByName(idx, value)
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/pyasn1/type/univ.py", line 2037, in setComponentByName
    self._componentType.getPositionByName(name), value, verifyConstraints, matchTags, matchConstraints
  File "/home/byt3bl33d3r/.virtualenvs/CME/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
    matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'

This only seems to be happening when I specify a domain controller, If I don't it works fine (so seems to be a problem with the LDAP connection to the DC):

#~ pywerview get-netlocalgroup --computername 192.168.10.21 -u user -p pass --group Administrators 
isdomain:  False
isgroup:   False
lastlogin: 
name:      WIN7/Administrator
server:    192.168.10.21
sid:       S-1-5-21-1124277571-3903610354-1476945526-500

isdomain:  True
isgroup:   False
lastlogin: 
name:      
server:    192.168.10.21
sid:       S-1-5-21-1049426096-2728124650-4150323340-512

isdomain:  True
isgroup:   False
lastlogin: 
name:      
server:    192.168.10.21
sid:       S-1-5-21-1049426096-2728124650-4150323340-1108

On a side note, it would be awesome if there was a get-netlocalusers command as well ;)

Thanks!

from pywerview.

@byt3bl33d3r, when you specify a domain controller in the get-netlocalgroup command, it tries to resolve non-local SIDs, so that it can list domain users that are member of local groups.

Could you try issuing the following commands?

#~ pywerview get-adobject -t 192.168.10.11 -u user -p pass --group Administrators --sid S-1-5-21-1049426096-2728124650-4150323340-512
#~ pywerview get-adobject -t 192.168.10.11 -u user -p pass --group Administrators --sid S-1-5-21-1049426096-2728124650-4150323340-1108

Could you also list your installed versions of:

• pywerview
• impacket
• pyasn1

Thanks a lot! Cheers,

Y

from pywerview.

Output of pip freeze:

appdirs==1.4.3
asn1crypto==0.22.0
beautifulsoup4==4.5.3
bs4==0.0.1
cffi==1.10.0
cryptography==1.8.1
enum34==1.1.6
idna==2.5
impacket==0.9.16.dev0
ipaddress==1.0.18
packaging==16.8
pyasn1==0.2.3
pycparser==2.17
pycrypto==2.6.1
pyOpenSSL==16.2.0
pyparsing==2.2.0
pywerview==0.2.0
six==1.10.0

Running those commands gave the same error:

Traceback (most recent call last):
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/bin/pywerview", line 11, in <module>
    load_entry_point('pywerview==0.2.0', 'console_scripts', 'pywerview')()
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/cli/main.py", line 449, in main
    results = args.func(**parsed_args)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/cli/helpers.py", line 35, in get_adobject
    ads_path=ads_path, custom_filter=custom_filter)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/requester.py", line 134, in wrapper
    return f(*args, **kwargs)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/functions/net.py", line 46, in get_adobject
    return self._ldap_search(object_filter, adobj.ADObject)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pywerview/requester.py", line 96, in _ldap_search
    size=1000)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 582, in __init__
    self['controlType'] = CONTROL_PAGEDRESULTS
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pyasn1/type/univ.py", line 1945, in __setitem__
    self.setComponentByName(idx, value)
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/pyasn1/type/univ.py", line 2037, in setComponentByName
    self._componentType.getPositionByName(name), value, verifyConstraints, matchTags, matchConstraints
  File "/home/byt3bl33d3r/.virtualenvs/pywerview/lib/python2.7/site-packages/impacket/ldap/ldapasn1.py", line 552, in setComponentByPosition
    matchConstraints=matchConstraints)
TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes'

Also I've now noticed that this error happens on every cmdlet that supports the -t flag

Let me know if you need more info.

Cheers

from pywerview.

Ok, the problem seems to come from your version of pyasn1. If I install pyasn1v0.2.3, I get the same error as you (TypeError: setComponentByPosition() got an unexpected keyword argument 'exactTypes').

However, with pyasn1v0.1.9, there doesn't seem to be any problem. I'll have to ask @asolino, because pyasn1 is an impacket dependency, not a pywerview one.

I'll leave this issue open until I can clear things out with @asolino. Thanks!

PS: if you don't need the latest version of pyasn1, you can downgrade to 0.1.9 with this command:

$ sudo pip install "pyasn1==0.1.9"

from pywerview.

The changes were made in impacket, and it should now resolve your issue. Make sure to use impacketv0.9.16-dev from the GitHub repository, and not from PyPI. I'm closing this, feel free to reopen it if you still have problem.

Cheers,

Y

from pywerview.