Comments (5)
In case you haven't figure this out yet, I think the issue you are facing (similar to what i faced) is that the timeout isn't set long enough to resolve all the SIDs.
If you do -timeout 30
, you should be good
from certipy.
Please upgrade to the latest version. This error should've been fixed in the latest one.
from certipy.
I believe that I have removed all previous traces of any previous versions of certipy and installed the current version and things appear to be mostly working. When running the command without the -vulnerable argument things appear to work and I do get a resulting text, json, and zip file with results.
When I run the command with the -vulnerable argument I get similar errors as shown below
This is running the command without the -vulnerable argument
This is the tail end of the results without the -vulnerable argument showing the results files created and it shows the basic error when running the command with the -vulnerable argument
This is a screenshot of the debug error when running the command with the -vulnerable argument
Here is the text of the error message
[*] Finding certificate templates
[-] Got error: unable to send message, socket is not open
Traceback (most recent call last):
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/entry.py", line 60, in main
actions[options.action](options)
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/parsers/find.py", line 12, in entry
find.entry(options)
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 1179, in entry
find.find()
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 185, in find
templates = self.get_certificate_templates()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 721, in get_certificate_templates
templates = self.connection.search(
^^^^^^^^^^^^^^^^^^^^^^^
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/lib/ldap.py", line 273, in search
entries = list(
^^^^^
File "/usr/lib/python3/dist-packages/ldap3/extend/standard/PagedSearch.py", line 56, in paged_search_generator
result = connection.search(search_base,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 853, in search
response = self.post_send_search(self.send('searchRequest', request, controls))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 336, in send
raise LDAPSocketOpenError(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketOpenError: unable to send message, socket is not open
from certipy.
Strange. Can you try with -scheme ldap
from certipy.
Here are the things that I tried and the results
This command works without error and produces results files
/home/rstrom/.local/bin/certipy find -dc-ip <dc_ip> -u <user_id> -p $PASS -scheme ldap
This command errors
/home/rstrom/.local/bin/certipy find -dc-ip <dc_ip> -u <user_id> -p $PASS -scheme ldap - vulnerable
This is the same command as above with debug added
/home/rstrom/.local/bin/certipy find -dc-ip <dc_ip> -u <user_id> -p $PASS -scheme ldap -vulnerable -debug
Here is the complete debug message
[*] Finding certificate templates
[-] Got error: unable to send message, socket is not open
Traceback (most recent call last):
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/entry.py", line 60, in main
actions[options.action](options)
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/parsers/find.py", line 12, in entry
find.entry(options)
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 1179, in entry
find.find()
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 185, in find
templates = self.get_certificate_templates()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/commands/find.py", line 721, in get_certificate_templates
templates = self.connection.search(
^^^^^^^^^^^^^^^^^^^^^^^
File "/home/rstrom/.local/lib/python3.11/site-packages/certipy/lib/ldap.py", line 273, in search
entries = list(
^^^^^
File "/usr/lib/python3/dist-packages/ldap3/extend/standard/PagedSearch.py", line 56, in paged_search_generator
result = connection.search(search_base,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ldap3/core/connection.py", line 853, in search
response = self.post_send_search(self.send('searchRequest', request, controls))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ldap3/strategy/base.py", line 336, in send
raise LDAPSocketOpenError(self.connection.last_error)
ldap3.core.exceptions.LDAPSocketOpenError: unable to send message, socket is not open
from certipy.
Related Issues (20)
- ESC2 & ESC3 vulnerable template 'RPC_E_CALL_COMPLETE' error
- ldapshell TypeError: __init__() missing 1 required positional argument: 'client'
- Traceback
- Certificate vulnerable but there is no Certificate Authority
- Unclear output when running from a machine account
- LDAPSocketOpenError HOT 2
- ESC 4 - Separate the -save-old functionality with the write vulnerable properties functionality.
- Report Schema Version During Template Enumeration (feature request) HOT 1
- digestmod issue HOT 6
- certipy: error: unrecognized arguments: ESC7 HOT 6
- [Errno 104] Connection reset by peer HOT 4
- ESC4 > ESC1 to CERTSRV_E_UNSUPPORTED_CERT_TYPE HOT 5
- Am I doing this ESC3 abuse wrong?
- The requested certificate template is not supported by this CA. HOT 5
- ESC4 Restore Old Configuration Not Working HOT 1
- LDAP3 not getting detected with Certipy HOT 4
- Changing LDAP/LDAPS port in find HOT 8
- Domain Computers Can Enroll HOT 1
- Help determining if ESC8 vulnerability is false positive? HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from certipy.