5iddlZddlZddlmZddlmZddlmZddlm Z GddZ e dkrgd Z e D]Z ed ee  e e ZeZeZeeeeeee#e$r5ZddlZejed ezeYdZ[dZ[wwxYwdSdS) N) MSLDAPTarget) MSLDAPClient)MSLDAPClientConnection) UniCredentialceZdZdZdZddedefdZedZ defd Z defd Z de fd Z defd Zed efdZdZdS)LDAPConnectionFactoryz The URL describes both the connection target and the credentials. This class creates all necessary objects to set up the client. :param url: :type url: str a? MSLDAP URL Format: +://:@://?= sets the ldap protocol following values supported: - ldap - ldaps can be omitted if plaintext authentication is to be performed (in that case it default to ntlm-password), otherwise: - ntlm-password - ntlm-nt - kerberos-password (dc option param must be used) - kerberos-rc4 / kerberos-nt (dc option param must be used) - kerberos-aes (dc option param must be used) - kerberos-keytab (dc option param must be used) - kerberos-ccache (dc option param must be used) - sspi-ntlm (windows only!) - sspi-kerberos (windows only!) - anonymous - plain - simple - sicily (same format as ntlm-nt but using the SICILY authentication) : OPTIONAL. Specifies the root tree of all queries can be: - timeout : connction timeout in seconds - proxytype: currently only socks5 proxy is supported - proxyhost: Ip or hostname of the proxy server - proxyport: port of the proxy server - proxytimeout: timeout in secodns for the proxy connection - dc: the IP address of the domain controller, MUST be used for kerberos authentication - encrypt: enable encryption. Only for NTLM. DOESNT WORK WITH LDAPS - etype: Supported encryption types for Kerberos authentication. Multiple can be specified. - rate: LDAP paged search query rate limit. Will sleep for seconds between each new page. Default: 0 (no limit) - pagesize: LDAP paged search query size per page. Max: 1000. Default: 1000 Examples: ldap://10.10.10.2 (anonymous bind) ldaps://test.corp (anonymous bind) ldap+sspi-ntlm://test.corp ldap+sspi-kerberos://test.corp ldap://TEST\victim:@10.10.10.2 (defaults to SASL GSSAPI NTLM) ldap+simple://TEST\victim:@10.10.10.2 (SASL SIMPLE auth) ldap+plain://TEST\victim:@10.10.10.2 (SASL SIMPLE auth) ldap+ntlm-password://TEST\victim:@10.10.10.2 ldap+ntlm-nt://TEST\victim:@10.10.10.2 ldap+kerberos-password://TEST\victim:@10.10.10.2 ldap+kerberos-rc4://TEST\victim:@10.10.10.2 ldap+kerberos-aes://TEST\victim:@10.10.10.2 ldap://TEST\victim:password@10.10.10.2/DC=test,DC=corp/ ldap://TEST\victim:password@10.10.10.2/DC=test,DC=corp/?timeout=99&proxytype=socks5&proxyhost=127.0.0.1&proxyport=1080&proxytimeout=44 N credentialtargetc"||_||_dSN)r r )selfr r s L/home/kali/Ninja/venv/lib/python3.11/site-packages/msldap/commons/factory.py__init__zLDAPConnectionFactory.__init__Is$/$+++crtj|}tj|}t||Sr )rfrom_urlrr)connection_urlr r s rrzLDAPConnectionFactory.from_urlMs2   0 0&%n55* z6 2 22rreturnc4tj|jS)zb Creates a credential object :return: Credential object :rtype: :class:`UniCredential` )copydeepcopyr r s rget_credentialz$LDAPConnectionFactory.get_credentialSs t ' ''rc4tj|jS)zY Creates a target object :return: Target object :rtype: :class:`MSLDAPTarget` )rrr rs r get_targetz LDAPConnectionFactory.get_target\s t{ # ##rcr|}|}t||S)z~ Creates a client that can be used to interface with the server :return: LDAP client :rtype: :class:`MSLDAPClient` )rrrr credr s r get_clientz LDAPConnectionFactory.get_clientes4     $ ??  & fd # ##rcr|}|}t||S)z Creates a connection that can be used to interface with the server :return: LDAP connection :rtype: :class:`MSLDAPClientConnection` )rrrrs rget_connectionz$LDAPConnectionFactory.get_connectionqs4     $ ??  &  - --r connectionc ttj|jtj|jS)zPCreates a new LDAPConnectionFactory object from an existing SMBConnection object)rrrr r )r"s rfrom_ldapconnectionz)LDAPConnectionFactory.from_ldapconnection|s3| t}Z-BCCT]S]SdEeEe f ffrcd}|jD]e}|j|}t|tjr|}n!t|tjr|j}||dt |dz }f|S)Nz!==== LDAPConnectionFactory ==== z: z )__dict__ isinstanceenumIntFlagEnumnamestr)r tkvals r__str__zLDAPConnectionFactory.__str__s~+! =%%a q 3dl## CC3 "" (C3s8888$$11 (r)NN)__name__ __module__ __qualname____doc__ help_epilogrrr staticmethodrrrrrrr!r$r0rrrrs0d}L33,3 (](((($$$$$ $ $ $ $ $ .3 . . . .g$:ggg,g      rr__main__)zldap://10.10.10.2zldap://10.10.10.2:9999zldap://test:password@10.10.10.2zldap://domain\test@10.10.10.2z+ldap://domain\test:password@10.10.10.2:9999zCldap://domain\test:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA@10.10.10.2:9999zldaps+sspi-ntlm://10.10.10.2z ldaps+sspi-kerberos://10.10.10.2z:ldaps+ntlm-password://domain\test:password@10.10.10.2:9999z4ldaps+ntlm-nt://domain\test:password@10.10.10.2:9999z>ldaps+kerberos-password://domain\test:password@10.10.10.2:9999zldaps://10.10.10.2:9999z ldaps://test:password@10.10.10.2zldaps://domain\test@10.10.10.2z,ldaps://domain\test:password@10.10.10.2:9999zTldaps://DOMAIN\test:password@10.10.10.2:9999/?proxytype=socks5&proxyserver=127.0.0.1zsldaps://DOMAIN\test:password@10.10.10.2:9999/?proxytype=socks5&proxyserver=127.0.0.1&proxyuser=admin&proxypass=almazldaps://DOMAIN\test:password@10.10.10.2:9999/?proxytype=multiplexor&proxyserver=127.0.0.1&proxyport=9999&proxyuser=admin&proxypass=almazldaps://10.10.10.2zldaps://10.10.10.2:6666zK===========================================================================zERROR! Reason: %s)r(rmsldap.commons.targetr msldap.clientrmsldap.connectionrasyauth.common.credentialsrrr1 url_testsurlprintrdecrcredsrr r,input Exceptione traceback print_excr7rrrGs ......&&&&&&444444444444        B z,   S%UVVV%***   ' ' , ,3     5 NN  6 5U5V57777    95 q !!!577777777  =.  s=CC=+C88C=