Hi, I'm experiencing the following issue and wondering if anyone knows how to resolve this:
I have SharpHound (latest) running on an Ubuntu container in Azure Container Instances; it connects to our on-premise DC with ports 53, 88 and 636/TCP open.
Checked:
our.domain can connect with netcat/telnet on port 636
openssl confirms certs are valid
ldapsearch works and returns data with:
ldapsearch -H ldaps://our.domain:636 \
  -D "username" \
  -w "password" \
  -b "DC=our,DC=domain" \
  "(objectClass=*)"
klist results in a valid Kerberos ticket using:
echo "password" | kinit "username"
Then running the latest version of SharpHound with mono:
mono "/tmp/SharpHound/bin/Release/net462/SharpHound.exe" \
  -c LocalGroup \
  --ldapusername "username" \
  --ldappassword "password" \
  --disablecertverification \
  --disablesigning \
  --forcesecureldap \
  --skipportcheck \
  --domain "our.domain" \
  --domaincontroller "dc.our.domain" \
  --outputdirectory "/tmp/sharphound_output" \
  -v 0
In our Check Point firewall I can see it's trying to connect over port 389 four times. Eventually the TestConnection link times out and results in:
2024-12-17T13:07:29.9695920+00:00|INFORMATION|This version of SharpHound is compatible with the 5.0.0 Release of BloodHound
2024-12-17T13:07:30.3400440+00:00|INFORMATION|Resolved Collection Methods: LocalAdmin, RDP, DCOM, PSRemote
2024-12-17T13:07:30.4328200+00:00|TRACE|Entering initialize link
2024-12-17T13:07:30.4368430+00:00|INFORMATION|Initializing SharpHound at 13:07 on 12/17/2024
2024-12-17T13:07:30.4381900+00:00|TRACE|Exiting initialize link
2024-12-17T13:07:30.4582640+00:00|TRACE|Entering TestConnection link, testing domain our.domain
2024-12-17T13:09:41.2792480+00:00|DEBUG|Static GetDomain call failed for domain our.domain: The method or operation is not implemented.
2024-12-17T13:09:41.2941180+00:00|DEBUG|[CommonLib LdapConnectionPool]Creating connection for identifier dc.our.domain
2024-12-17T13:09:41.3049840+00:00|INFORMATION|[CommonLib LdapConnectionPool]We will not be able to connect to domain our.domain by any strategy, leaving it.
System.NotImplementedException: The method or operation is not implemented.
at SharpHoundCommonLib.LdapConnectionPool.CreateBaseConnection (System.String directoryIdentifier, System.Boolean ssl, System.Boolean globalCatalog) [0x00041] in <b429ef628f6a4201b3fb43884d203584>:0
at SharpHoundCommonLib.LdapConnectionPool.CreateLdapConnection (System.String target, System.Boolean globalCatalog, SharpHoundCommonLib.LdapConnectionWrapper& connection) [0x00000] in <b429ef628f6a4201b3fb43884d203584>:0
at SharpHoundCommonLib.LdapConnectionPool.CreateNewConnectionForServer (System.String identifier, System.Boolean globalCatalog) [0x00000] in <b429ef628f6a4201b3fb43884d203584>:0
at SharpHoundCommonLib.LdapConnectionPool.CreateNewConnection (System.Boolean globalCatalog) [0x00043] in <b429ef628f6a4201b3fb43884d203584>:0
2024-12-17T13:09:41.3131410+00:00|ERROR|Unable to connect to LDAP: All attempted connections failed
2024-12-17T13:09:41.3144920+00:00|TRACE|Exiting TestConnection link
Also tried an older version, 2.4.1, which results in a similar error:
2024-12-17T13:24:18.7471300+00:00|INFORMATION|This version of SharpHound is compatible with the 5.0.0 Release of BloodHound
2024-12-17T13:24:19.0618220+00:00|INFORMATION|Resolved Collection Methods: LocalAdmin, RDP, DCOM, PSRemote
2024-12-17T13:24:19.0948140+00:00|TRACE|Entering initialize link
2024-12-17T13:24:19.0975160+00:00|INFORMATION|Initializing SharpHound at 13:24 on 12/17/2024
2024-12-17T13:24:19.0996500+00:00|TRACE|Entering TestConnection link
2024-12-17T13:24:19.1180990+00:00|DEBUG|[CommonLib LDAPUtils]GetDomain call failed at GetDomain at offset 0 in file:line:column <filename unknown>:0:0
System.NotImplementedException: The method or operation is not implemented.
at SharpHoundCommonLib.LDAPUtils.GetDomain (System.String domainName) [0x00077] in <8659aef034cd4871b3f1b9b8066b073a>:0
2024-12-17T13:24:19.1195830+00:00|TRACE|[CommonLib LDAPUtils]Testing LDAP connection for domain our.domain
2024-12-17T13:24:19.1368740+00:00|TRACE|[CommonLib LDAPUtils]Creating ldap connection for DC with filter (objectclass=domain)
2024-12-17T13:24:19.1614320+00:00|WARNING|[CommonLib LDAPUtils]Failed to setup LDAP Query Filter: Exception getting LDAP connection for (objectclass=domain) and domain BUSINESS.FINL.FORTIS
2024-12-17T13:24:19.1681160+00:00|ERROR|Error running SharpHound: Failed to setup LDAP Query Filter
at SharpHoundCommonLib.LDAPUtils+<QueryLDAP>d__40.MoveNext () [0x000a7] in <8659aef034cd4871b3f1b9b8066b073a>:0
at System.Linq.Enumerable+DefaultIfEmptyIterator`1[TSource].MoveNext () [0x0002b] in <d22af090bceb4be792f53595cf074724>:0
at System.Linq.Enumerable.TryGetFirst[TSource] (System.Collections.Generic.IEnumerable`1[T] source, System.Boolean& found) [0x0005c] in <d22af090bceb4be792f53595cf074724>:0
at System.Linq.Enumerable.FirstOrDefault[TSource] (System.Collections.Generic.IEnumerable`1[T] source) [0x00000] in <d22af090bceb4be792f53595cf074724>:0
at SharpHoundCommonLib.LDAPUtils.TestLDAPConfig (System.String domain) [0x00064] in <8659aef034cd4871b3f1b9b8066b073a>:0
at Sharphound.SharpLinks.TestConnection (Sharphound.Client.IContext context) [0x00023] in <6ebe01ee6c6f4f6b96e30c5d391c49ba>:0
at Sharphound.Program+<>c__DisplayClass0_0.<Main>b__1 (Sharphound.Options options) [0x005c7] in <6ebe01ee6c6f4f6b96e30c5d391c49ba>:0
at CommandLine.ParserResultExtensions.WithParsedAsync[T] (CommandLine.ParserResult`1[T] result, System.Func`2[T,TResult] action) [0x00075] in <16134578226e4e409ecbdd10473cf8f2>:0
at Sharphound.Program.Main (System.String[] args) [0x00101] in <6ebe01ee6c6f4f6b96e30c5d391c49ba>:0
Why is it trying to connect over 389 while I have --forcesecureldap? Anyone got any solution or see an issue in the configuration?
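Added example, not part of the original post: a small Python triage script for the pipe-delimited log format quoted above, which measures the longest gap between records and pulls out each exception with its innermost stack frame. The sample lines are trimmed from the log in the post; the function names are this example's own.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: lines trimmed from the log quoted in the post.
SAMPLE = """\
2024-12-17T13:07:30.4582640+00:00|TRACE|Entering TestConnection link, testing domain our.domain
2024-12-17T13:09:41.2792480+00:00|DEBUG|Static GetDomain call failed for domain our.domain: The method or operation is not implemented.
2024-12-17T13:09:41.3049840+00:00|INFORMATION|[CommonLib LdapConnectionPool]We will not be able to connect to domain our.domain by any strategy, leaving it.
System.NotImplementedException: The method or operation is not implemented.
at SharpHoundCommonLib.LdapConnectionPool.CreateBaseConnection (System.String directoryIdentifier, System.Boolean ssl, System.Boolean globalCatalog) [0x00041]
2024-12-17T13:09:41.3131410+00:00|ERROR|Unable to connect to LDAP: All attempted connections failed
"""

RECORD = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.(\d+)[+-]\d\d:\d\d\|(\w+)\|(.*)$")
EXC = re.compile(r"^([\w.]+Exception):")
FRAME = re.compile(r"^\s*at ([\w.+<>]+) \(")

def parse_log(text):
    """Split into records; untimestamped lines (stack traces) attach to the previous record."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            # The log carries 7 fractional digits; datetime holds 6, so truncate.
            # Assumes every line carries the same UTC offset, as in the post.
            ts = datetime.strptime(m[1], "%Y-%m-%dT%H:%M:%S")
            ts += timedelta(microseconds=int(m[2][:6].ljust(6, "0")))
            records.append({"ts": ts, "level": m[3], "msg": m[4], "extra": []})
        elif records and line.strip():
            records[-1]["extra"].append(line.strip())
    return records

def longest_stall(records):
    """Return (seconds, message before the gap, message after it) for the largest gap."""
    gaps = [((b["ts"] - a["ts"]).total_seconds(), a["msg"], b["msg"])
            for a, b in zip(records, records[1:])]
    return max(gaps, key=lambda g: g[0])

def exceptions(records):
    """Return (exception type, innermost frame) for each stack trace in the log."""
    found = []
    for rec in records:
        for i, line in enumerate(rec["extra"]):
            exc = EXC.match(line)
            if exc:
                nxt = rec["extra"][i + 1] if i + 1 < len(rec["extra"]) else ""
                frame = FRAME.match(nxt)
                found.append((exc[1], frame[1] if frame else None))
    return found
```

On the sample, `longest_stall(parse_log(SAMPLE))` reports a gap of about 131 seconds between entering the TestConnection link and the first failure, which lines up with the timeout described in the post.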