Exception in callback _SelectorDatagramTransport._read_ready() #1
Comments
|
Did you capture the pcap? It might reveal the problem. |
|
Maybe it will be useful to help with the rest of the process |
|
@Eyezuhk helped me with this problem and I wrote an article. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Trying to test this in my lab and got the following error when it's trying to send the malicious packet. I am running on Rocky Linux 9.5 with python 3.9.21.
[root@linux CVE-2024-49112]# python LdapNightmare.py dc.ad.DOMAIN.TLD --domain-name hack.DOMAIN.TLD
[LDAP Nightmare:INFO] - Waiting for udp server to start...
[LDAP Nightmare:INFO] - NetLogon connected
[LDAP Nightmare:INFO] - Calling DsrGetDcNameEx2 now...
[LDAP Nightmare:INFO] - Connected to dc.ad.DOMAIN.TLD:49664
[LDAP Nightmare:INFO] - Sending DsrGetDcNameEx2 request...
[LDAP Nightmare:INFO] - Received LDAP request from NetLogon ('10.100.0.11', 51728)
Exception in callback _SelectorDatagramTransport._read_ready()
handle: <Handle _SelectorDatagramTransport._read_ready()>
Traceback (most recent call last):
File "/usr/lib64/python3.9/asyncio/events.py", line 80, in _run
self._context.run(self._callback, *self._args)
File "/usr/lib64/python3.9/asyncio/selector_events.py", line 1027, in _read_ready
self._protocol.datagram_received(data, addr)
File "/root/CVE-2024-49112/exploit_server.py", line 93, in datagram_received
vulnerable_ldap_packet = get_malicious_ldap_packet(ldap_message.id)
File "/root/CVE-2024-49112/exploit_server.py", line 50, in get_malicious_ldap_packet
lm_referral_length_index = bytes_to_send.index(b"\x02\x01") + 1
ValueError: subsection not found
[LDAP Nightmare:INFO] - Received LDAP request from NetLogon ('10.100.0.11', 51728)
Exception in callback _SelectorDatagramTransport._read_ready()
handle: <Handle _SelectorDatagramTransport._read_ready()>
Traceback (most recent call last):
File "/usr/lib64/python3.9/asyncio/events.py", line 80, in _run
self._context.run(self._callback, *self._args)
File "/usr/lib64/python3.9/asyncio/selector_events.py", line 1027, in _read_ready
self._protocol.datagram_received(data, addr)
File "/root/CVE-2024-49112/exploit_server.py", line 93, in datagram_received
vulnerable_ldap_packet = get_malicious_ldap_packet(ldap_message.id)
File "/root/CVE-2024-49112/exploit_server.py", line 50, in get_malicious_ldap_packet
lm_referral_length_index = bytes_to_send.index(b"\x02\x01") + 1
ValueError: subsection not found
Traceback (most recent call last):
File "/root/CVE-2024-49112/LdapNightmare.py", line 75, in
main()
File "/root/CVE-2024-49112/LdapNightmare.py", line 60, in main
DsrGetDcNameEx2(
File "/root/CVE-2024-49112/rpc_call.py", line 32, in DsrGetDcNameEx2
resp = dce.request(request)
File "/usr/local/lib/python3.9/site-packages/impacket/dcerpc/v5/rpcrt.py", line 882, in request
raise exception
impacket.dcerpc.v5.nrpc.DCERPCSessionError: NRPC SessionError: code: 0x54b - ERROR_NO_SUCH_DOMAIN - The specified domain either does not exist or could not be contacted.
The text was updated successfully, but these errors were encountered: