From a39d8db4b29f40a040cdae17ca8d8a2e6b62eccc Mon Sep 17 00:00:00 2001
From: Shutdown <nwodtuhs+github@pm.me>
Date: Mon, 13 Sep 2021 16:36:52 +0200
Subject: [PATCH] Patching SID query of the incoming user

---
 impacket/examples/ntlmrelayx/attacks/ldapattack.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/impacket/examples/ntlmrelayx/attacks/ldapattack.py b/impacket/examples/ntlmrelayx/attacks/ldapattack.py
index 2ac7e8966..dd4edff83 100644
--- a/impacket/examples/ntlmrelayx/attacks/ldapattack.py
+++ b/impacket/examples/ntlmrelayx/attacks/ldapattack.py
@@ -300,8 +300,8 @@ def aclAttack(self, userDn, domainDumper):
         # Dictionary for restore data
         restoredata = {}
 
-        # Query for the sid of our user
-        self.client.search(userDn, '(objectCategory=user)', attributes=['sAMAccountName', 'objectSid'])
+        # Query for the sid of our incoming account (can be a user or a computer in case of a newly creation computer account (i.e. MachineAccountQuot abuse)
+        self.client.search(userDn, '(objectCategory=*)', attributes=['sAMAccountName', 'objectSid'])
         entry = self.client.entries[0]
         username = entry['sAMAccountName'].value
         usersid = entry['objectSid'].value