Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MachineAccountQuota Module Crash When Value Not Set in AD #421

Closed
denevin opened this issue Sep 17, 2024 · 1 comment · Fixed by #422
Closed

MachineAccountQuota Module Crash When Value Not Set in AD #421

denevin opened this issue Sep 17, 2024 · 1 comment · Fixed by #422
Labels
bug Something isn't working

Comments

@denevin
Copy link

denevin commented Sep 17, 2024
edited
Loading

Describe the bug
The "maq" module seems to crash each time when MachineAccountQuota value is not set in active directory.
When viewing ms-DS-MachineAccountQuota value using ADSI Edit tool for domain it's shown as "not set" in this case.

To Reproduce
Steps to reproduce the behavior i.e.:
Command: nxc ldap <ldapip> -u <user> -p <pass> -M maq

Resulted in:

...
MAQ         <ldapip>    389    <hostname>              [*] Getting the MachineAccountQuota
[18:48:29] ERROR    Exception while calling proto_flow() on target <ip>: Attempted "__int__" operation on ASN.1 schema object connection.py:168

Traceback (most recent call last) ────────────────────────────────────────────────────────────────────
 /usr/lib/python3/dist-packages/nxc/connection.py:163 in __init__                                                                                     
                                                                                                                                                      
   160 │   │   self.logger.info(f"Socket info: host={self.host}, hostname={self.hostname},                                                            
       kerberos={self.kerberos}, ipv6={self.is_ipv6}, link-local                                                                                      
       ipv6={self.is_link_local_ipv6}")                                                                                                               
   161 │   │                                                                                                                                          
   162 │   │   try:                                                                                                                                   
 ❱ 163 │   │   │   self.proto_flow()                                                                                                                  
   164 │   │   except Exception as e:                                                                                                                 
   165 │   │   │   if "ERROR_DEPENDENT_SERVICES_RUNNING" in str(e):                                                                                   
   166 │   │   │   │   self.logger.error(f"Exception while calling proto_flow() on target                                                             
       {target}: {e}")                                                                                                                                
                                                                                                                                                      
 /usr/lib/python3/dist-packages/nxc/connection.py:227 in proto_flow                                                                                   
                                                                                                                                                      
   224 │   │   │   │   if hasattr(self.args, "module") and self.args.module:                                                                          
   225 │   │   │   │   │   self.load_modules()                                                                                                        
   226 │   │   │   │   │   self.logger.debug("Calling modules")                                                                                       
 ❱ 227 │   │   │   │   │   self.call_modules()                                                                                                        
   228 │   │   │   │   else:                                                                                                                          
   229 │   │   │   │   │   self.logger.debug("Calling command arguments")                                                                             
   230 │   │   │   │   │   self.call_cmd_args()                                                                                                       
                                                                                                                                                      
 /usr/lib/python3/dist-packages/nxc/connection.py:281 in call_modules                                                                                 
                                                                                                                                                      
   278 │   │   │                                                                                                                                      
   279 │   │   │   if hasattr(module, "on_login"):                                                                                                    
   280 │   │   │   │   self.logger.debug(f"Module {module.name} has on_login method")                                                                 
 ❱ 281 │   │   │   │   module.on_login(context, self)                                                                                                 
   282 │   │   │                                                                                                                                      
   283 │   │   │   if self.admin_privs and hasattr(module, "on_admin_login"):                                                                         
   284 │   │   │   │   self.logger.debug(f"Module {module.name} has on_admin_login method")                                                           
                                                                                                                                                      
 /usr/lib/python3/dist-packages/nxc/modules/maq.py:29 in on_login                                                                                     
                                                                                                                                                      
   26 │   │   searchFilter = "(objectClass=*)"                                                                                                        
   27 │   │   attributes = ["ms-DS-MachineAccountQuota"]                                                                                              
   28 │   │   result = connection.search(searchFilter, attributes)                                                                                    
 ❱ 29 │   │   context.log.highlight("MachineAccountQuota: %d" %                                                                                       
      result[0]["attributes"][0]["vals"][0])                                                                                                          
   30                                                                                                                                                 
                                                                                                                                                      
 /usr/lib/python3/dist-packages/pyasn1/type/univ.py:1041 in __int__                                                                                   
                                                                                                                                                      
   1038 │   │   return self * value                                                                                                                   
   1039 │                                                                                                                                             
   1040 │   def __int__(self):                                                                                                                        
 ❱ 1041 │   │   return int(self._value)                                                                                                               
   1042 │                                                                                                                                             
   1043 │   def __float__(self):                                                                                                                      
   1044 │   │   return float(self._value)                                                                                                             
                                                                                                                                                      
 /usr/lib/python3/dist-packages/pyasn1/type/base.py:213 in plug                                                                                       
                                                                                                                                                      
   210 │   │   if cls._instance is None:                                                                                                              
   211 │   │   │   def getPlug(name):                                                                                                                 
   212 │   │   │   │   def plug(self, *args, **kw):                                                                                                   
 ❱ 213 │   │   │   │   │   raise error.PyAsn1Error('Attempted "%s" operation on ASN.1 schema                                                          
       object' % name)                                                                                                                                
   214 │   │   │   │   return plug                                                                                                                    
   215 │   │   │                                                                                                                                      
   216 │   │   │   op_names = [name                                                                                                                   
                    ──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────╯
                    PyAsn1Error: Attempted "__int__" operation on ASN.1 schema object

Expected behavior
Display a message that value is not set and users can create unlimited number of computer accounts in domain.

Screenshots
N/A

NetExec info

  • OS: Kali
  • Version of nxc: 1.2.0
  • Installed from: apt/github/pip/docker/...? pip
  • Python: 3.11.9

Additional context
N/A
@NeffIsBack NeffIsBack added the bug Something isn't working label Sep 17, 2024
@NeffIsBack
Copy link
Contributor

Thanks for the bug report!

@NeffIsBack NeffIsBack mentioned this issue Sep 19, 2024
Merged
@NeffIsBack NeffIsBack linked a pull request Sep 19, 2024 that will close this issue
Fix maq module if MAQ not set #422
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix maq module if MAQ not set Pennyw0rth/NetExec
2 participants
@denevin @NeffIsBack