Skip to content

fix(add-computer): make standalone, fix password zeroing, add l_timev…#147

Open
0xGunrunner wants to merge 1 commit into
Adaptix-Framework:mainfrom
0xGunrunner:fix/add-computer-standalone
Open

fix(add-computer): make standalone, fix password zeroing, add l_timev…#147
0xGunrunner wants to merge 1 commit into
Adaptix-Framework:mainfrom
0xGunrunner:fix/add-computer-standalone

Conversation

@0xGunrunner

Copy link
Copy Markdown

This adds a new set-password-auth BOF that resets an AD user's password using the current beacon token rather than requiring explicit plaintext credentials. The existing set-password BOF requires passing a username and password for authentication, which is inconvenient post-compromise when you already have a usable Kerberos context or NTLM token in the beacon. This BOF binds to LDAP using the current token via LDAP_AUTH_KERBEROS with a fallback to LDAP_AUTH_NEGOTIATE, then writes the new unicodePwd over LDAPS or a signed-and-sealed LDAP channel.

The BOF resolves the target by sAMAccountName, cn, or full DN, encodes the new password as UTF-16LE quoted unicode ("password" format required by AD), and writes it via ldap_modify_s with LDAP_MOD_REPLACE. It enforces a sealed channel — LDAPS on port 636 or SASL sign+seal on 389 — since AD rejects unicodePwd writes over unsigned connections. Password memory is zeroed before free on all exit paths.

The LDAP.axs script definition and Makefile entry are included so the command appears in Adaptix as ldap set-password-auth <target> <newpassword> -dc <dc-fqdn> [--ldaps] alongside the existing set commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant