Skip to content

[LDAP] Add custom cbt_value #1977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 2, 2025
Merged

[LDAP] Add custom cbt_value #1977

merged 3 commits into from
Oct 2, 2025

Conversation

@zblurx
Copy link
Contributor

@zblurx zblurx commented Jun 6, 2025

Hey guys ! This simple PR allows for channel binding customization. This helps us a lot on NetExec to check for channel binding status. If you want, I can add a custom example script in Impacket to do LDAP Signing / Channel binding check. Let me know !

@anadrianmanrique anadrianmanrique self-assigned this Jun 11, 2025
@anadrianmanrique anadrianmanrique added the in review This issue or pull request is being analyzed label Jun 11, 2025
@anadrianmanrique
Copy link
Collaborator

anadrianmanrique commented Jun 13, 2025

@zblurx thanks for the PR. I think it would be nice to have an example to test signing/channel binding, not only because it would be helpful as an info gathering tool, but also to validate these changes as well.
Thanks

@anadrianmanrique anadrianmanrique added the waiting for response Further information is needed from people who opened the issue or pull request label Jun 23, 2025
@anadrianmanrique anadrianmanrique added medium Medium priority item and removed in review This issue or pull request is being analyzed labels Jul 4, 2025
@mpgn
Copy link
Contributor

mpgn commented Aug 8, 2025

@zblurx any update :) ?

@anadrianmanrique
Copy link
Collaborator

anadrianmanrique commented Aug 8, 2025

We are waiting changes adding an example that leverages these changes, as it was mentioned above

@zblurx
Copy link
Contributor Author

zblurx commented Aug 20, 2025

Hey @anadrianmanrique @mpgn sorry for the delay, here is the example script.

image

@Dfte
Copy link
Contributor

Dfte commented Sep 29, 2025

AH I'm gonna do the same for MSSQL then!

@anadrianmanrique
applied code review changes
a72a13c 
   - make channel_bidinng_value variable public
@anadrianmanrique
Copy link
Collaborator

anadrianmanrique commented Oct 2, 2025

ok, I pushed changes related to code review in order to have this merged ASAP as we are closing 0.13 release.
merging now. Thanks!

@anadrianmanrique anadrianmanrique removed the waiting for response Further information is needed from people who opened the issue or pull request label Oct 2, 2025
anadrianmanrique
anadrianmanrique approved these changes Oct 2, 2025
View reviewed changes
examples/CheckLDAPStatus.py Outdated
# Login failed (wrong credentials). test if we get an error with an existing, but wrong CBT -> When supported
elif str(e).find("data 52e") >= 0:
ldap_connection = LDAPConnection(url=ldap_url)
new_cbv = bytearray(ldap_connection._LDAPConnection__channel_binding_value)
Copy link
Collaborator

@anadrianmanrique anadrianmanrique Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

either define channel_biding_value as a public member in LDAPConnection or implement getter/setter methods

@anadrianmanrique anadrianmanrique merged commit eaf2e55 into fortra:master Oct 2, 2025
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@anadrianmanrique anadrianmanrique anadrianmanrique approved these changes

Assignees

@anadrianmanrique anadrianmanrique

Labels

medium Medium priority item

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@zblurx @anadrianmanrique @mpgn @Dfte