Domain registration succeeded, adding a user failed #8

Open
jiangfengchen opened this issue Aug 4, 2023 · 2 comments
Comments

@jiangfengchen

Configuration file information

Log information

[root@localhost WatchAD2.0-master]# docker logs -f -n 200 watchad20master_iatp_1
[+] HAPPYFENG 域注册成功.
[+] 数据编号: 64ccbad1b8982d534fa264bf.
{"DomainName":"happyfeng.cc","DomainServer":"192.168.131.250","KDCServerName":"ADDC01.HAPPYFENG.CC","UserName":"CN=WatchAD,CN=Users,DC=happyfeng,DC=cc","PassWord":"Happy1234","DomainControls":["ADDC01"],"NetbiosDomain":"HAPPYFENG","SSL":false}
创建日志缓存....
[-]新增用户失败:请检查域内是否存在此用户
==> engine.log <==

==> web.log <==

==> engine.log <==
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Certificate Active","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"TGT Activities","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"AS-REP Abnormal Response","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Create Machine User","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Close Log Service","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"MS17-010","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"NEW GPO","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DCShadow","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Remote Code Execute","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Skeleton Key","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"NTLM Relay","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Similar Dc User","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Reset Account Password","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Kerberoasting","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Clear Log","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Resource Based Constraint Delegation","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"GPO DELEGATION","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Shadow Credentials","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SPN Jacking","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"ZeroLogon","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"samAccountName Spoofing","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SpoolSample","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DSRM Change","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Abnormal Permissions","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Local Dump Ntds","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"ADCS-ESC","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"JuicyPotato","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"DCSync","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"Explicit Credential","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"加载实时日志检测插件","plugin_name":"SID History","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start","level":"info","msg":"IATP 配置加载完成","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start.func3","level":"info","msg":"计划任务服务启动完成","time":"2023-08-04 08:08:46"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerSourceEvent","level":"info","msg":"数据来源启动","source_name":"ITEvent","time":"2023-08-04 08:08:46"}

==> web.log <==
Now listening on: http://0.0.0.0
Application started. Press CTRL+C to shut down.

==> engine.log <==
2023/08/04 08:46:20 Sarama consumer up and running!...

env configuration file
#Kafka configuration; change this to the current server's IP
KAFKAHOST=192.168.131.101
KAFKAADV=PLAINTEXT://192.168.131.101:9092
BROKER=192.168.131.101:9092

#Mongo configuration, default account and password
MONGOUSER=IATP
MONGOPWD=IATP-by-360

#Domain controller configuration; DCUSER is the DN of a domain user
DCNAME="happyfeng.cc"
DCSERVER=192.168.131.250
DCUSER="CN=WatchAD,CN=Users,DC=happyfeng,DC=cc"
DCPWD="Happy1234"

#Web configuration; can be set to any user in the domain, or to the CN of DCUSER
WEBUSER="WatchAD"


@Cgaii

Cgaii commented Aug 4, 2023

Enter the Docker container and run the user-add command manually; does it still report an error?
./iatp web --init --authdomain happyfeng.cc --user WatchAD
If the error persists, you can create an ordinary user on the domain controller and try adding it manually with this command again:
./iatp web --init --authdomain happyfeng.cc --user test

@jiangfengchen
Author

Re-running it manually adds the user successfully.
