Trouble trying to use sharphound from a non domain joined linux container #128

@Savabo

Hi, I'm experiencing the following issue and wondering if anyone knows how to resolve it.

I have SharpHound (latest) running on an Ubuntu container in Azure Container Instances; it connects to our on-premise DC with ports 53, 88 and 636/TCP open.

Checked:

- our.domain can be reached with netcat/telnet on port 636
- openssl confirms the certs are valid
- ldapsearch works and returns data with:

```
ldapsearch -H ldaps://our.domain:636 \
  -D "username" \
  -w "password" \
  -b "DC=our,DC=domain" \
  "(objectClass=*)"
```

- klist shows a valid Kerberos ticket after running:

```
echo "password" | kinit "username"
```

Then running the latest version of SharpHound with mono:

```
mono "/tmp/SharpHound/bin/Release/net462/SharpHound.exe" \
  -c LocalGroup \
  --ldapusername "username" \
  --ldappassword "password" \
  --disablecertverification \
  --disablesigning \
  --forcesecureldap \
  --skipportcheck \
  --domain "our.domain" \
  --domaincontroller "dc.our.domain" \
  --outputdirectory "/tmp/sharphound_output" \
  -v 0
```

In our Check Point firewall I can see it's trying to connect over port 389 four times. Eventually the TestConnection link times out and results in:

2024-12-17T13:07:29.9695920+00:00|INFORMATION|This version of SharpHound is compatible with the 5.0.0 Release of BloodHound
2024-12-17T13:07:30.3400440+00:00|INFORMATION|Resolved Collection Methods: LocalAdmin, RDP, DCOM, PSRemote
2024-12-17T13:07:30.4328200+00:00|TRACE|Entering initialize link
2024-12-17T13:07:30.4368430+00:00|INFORMATION|Initializing SharpHound at 13:07 on 12/17/2024
2024-12-17T13:07:30.4381900+00:00|TRACE|Exiting initialize link
2024-12-17T13:07:30.4582640+00:00|TRACE|Entering TestConnection link, testing domain our.domain
2024-12-17T13:09:41.2792480+00:00|DEBUG|Static GetDomain call failed for domain our.domain: The method or operation is not implemented.
2024-12-17T13:09:41.2941180+00:00|DEBUG|[CommonLib LdapConnectionPool]Creating connection for identifier dc.our.domain
2024-12-17T13:09:41.3049840+00:00|INFORMATION|[CommonLib LdapConnectionPool]We will not be able to connect to domain our.domain by any strategy, leaving it.
System.NotImplementedException: The method or operation is not implemented.
  at SharpHoundCommonLib.LdapConnectionPool.CreateBaseConnection (System.String directoryIdentifier, System.Boolean ssl, System.Boolean globalCatalog) [0x00041] in <b429ef628f6a4201b3fb43884d203584>:0 
  at SharpHoundCommonLib.LdapConnectionPool.CreateLdapConnection (System.String target, System.Boolean globalCatalog, SharpHoundCommonLib.LdapConnectionWrapper& connection) [0x00000] in <b429ef628f6a4201b3fb43884d203584>:0 
  at SharpHoundCommonLib.LdapConnectionPool.CreateNewConnectionForServer (System.String identifier, System.Boolean globalCatalog) [0x00000] in <b429ef628f6a4201b3fb43884d203584>:0 
  at SharpHoundCommonLib.LdapConnectionPool.CreateNewConnection (System.Boolean globalCatalog) [0x00043] in <b429ef628f6a4201b3fb43884d203584>:0 
2024-12-17T13:09:41.3131410+00:00|ERROR|Unable to connect to LDAP: All attempted connections failed
2024-12-17T13:09:41.3144920+00:00|TRACE|Exiting TestConnection link

I also tried an older version, 2.4.1, which results in a similar error:

024-12-17T13:24:18.7471300+00:00|INFORMATION|This version of SharpHound is compatible with the 5.0.0 Release of BloodHound
2024-12-17T13:24:19.0618220+00:00|INFORMATION|Resolved Collection Methods: LocalAdmin, RDP, DCOM, PSRemote
2024-12-17T13:24:19.0948140+00:00|TRACE|Entering initialize link
2024-12-17T13:24:19.0975160+00:00|INFORMATION|Initializing SharpHound at 13:24 on 12/17/2024
2024-12-17T13:24:19.0996500+00:00|TRACE|Entering TestConnection link
2024-12-17T13:24:19.1180990+00:00|DEBUG|[CommonLib LDAPUtils]GetDomain call failed at GetDomain at offset 0 in file:line:column <filename unknown>:0:0
System.NotImplementedException: The method or operation is not implemented.
  at SharpHoundCommonLib.LDAPUtils.GetDomain (System.String domainName) [0x00077] in <8659aef034cd4871b3f1b9b8066b073a>:0 
2024-12-17T13:24:19.1195830+00:00|TRACE|[CommonLib LDAPUtils]Testing LDAP connection for domain our.domain
2024-12-17T13:24:19.1368740+00:00|TRACE|[CommonLib LDAPUtils]Creating ldap connection for DC with filter (objectclass=domain)
2024-12-17T13:24:19.1614320+00:00|WARNING|[CommonLib LDAPUtils]Failed to setup LDAP Query Filter: Exception getting LDAP connection for (objectclass=domain) and domain BUSINESS.FINL.FORTIS
2024-12-17T13:24:19.1681160+00:00|ERROR|Error running SharpHound: Failed to setup LDAP Query Filter
  at SharpHoundCommonLib.LDAPUtils+<QueryLDAP>d__40.MoveNext () [0x000a7] in <8659aef034cd4871b3f1b9b8066b073a>:0 
  at System.Linq.Enumerable+DefaultIfEmptyIterator`1[TSource].MoveNext () [0x0002b] in <d22af090bceb4be792f53595cf074724>:0 
  at System.Linq.Enumerable.TryGetFirst[TSource] (System.Collections.Generic.IEnumerable`1[T] source, System.Boolean& found) [0x0005c] in <d22af090bceb4be792f53595cf074724>:0 
  at System.Linq.Enumerable.FirstOrDefault[TSource] (System.Collections.Generic.IEnumerable`1[T] source) [0x00000] in <d22af090bceb4be792f53595cf074724>:0 
  at SharpHoundCommonLib.LDAPUtils.TestLDAPConfig (System.String domain) [0x00064] in <8659aef034cd4871b3f1b9b8066b073a>:0 
  at Sharphound.SharpLinks.TestConnection (Sharphound.Client.IContext context) [0x00023] in <6ebe01ee6c6f4f6b96e30c5d391c49ba>:0 
  at Sharphound.Program+<>c__DisplayClass0_0.<Main>b__1 (Sharphound.Options options) [0x005c7] in <6ebe01ee6c6f4f6b96e30c5d391c49ba>:0 
  at CommandLine.ParserResultExtensions.WithParsedAsync[T] (CommandLine.ParserResult`1[T] result, System.Func`2[T,TResult] action) [0x00075] in <16134578226e4e409ecbdd10473cf8f2>:0 
  at Sharphound.Program.Main (System.String[] args) [0x00101] in <6ebe01ee6c6f4f6b96e30c5d391c49ba>:0 

Why is it trying to connect over 389 while I have --forcesecureldap? Has anyone got a solution, or does anyone see an issue in the configuration?
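One way to triage the first log above, as an added example that is not part of the original post and not SharpHound code: it parses the pipe-delimited log lines, reports any gap of 30 seconds or more between consecutive entries, and pairs each exception with its innermost stack frame. The `triage` function, its threshold and the regexes are assumptions of this example; the sample lines are copied from the post and trimmed to one stack frame.

```python
import re
from datetime import datetime

# Log lines copied from the first SharpHound run in the post above,
# trimmed to the TestConnection phase and a single stack frame.
SAMPLE = """\
2024-12-17T13:07:30.4381900+00:00|TRACE|Exiting initialize link
2024-12-17T13:07:30.4582640+00:00|TRACE|Entering TestConnection link, testing domain our.domain
2024-12-17T13:09:41.2792480+00:00|DEBUG|Static GetDomain call failed for domain our.domain: The method or operation is not implemented.
2024-12-17T13:09:41.2941180+00:00|DEBUG|[CommonLib LdapConnectionPool]Creating connection for identifier dc.our.domain
2024-12-17T13:09:41.3049840+00:00|INFORMATION|[CommonLib LdapConnectionPool]We will not be able to connect to domain our.domain by any strategy, leaving it.
System.NotImplementedException: The method or operation is not implemented.
  at SharpHoundCommonLib.LdapConnectionPool.CreateBaseConnection (System.String directoryIdentifier, System.Boolean ssl, System.Boolean globalCatalog) [0x00041] in <b429ef628f6a4201b3fb43884d203584>:0
2024-12-17T13:09:41.3131410+00:00|ERROR|Unable to connect to LDAP: All attempted connections failed
"""

# timestamp | LEVEL | message
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.(\d+)([+-]\d\d:\d\d)\|(\w+)\|(.*)$")
EXC = re.compile(r"^(System\.[\w.]+Exception):")
FRAME = re.compile(r"^\s+at ([\w.+<>]+) \(")

def triage(text, stall_seconds=30.0):
    """Return (stalls, exceptions) for a SharpHound log.

    stalls:     (gap in seconds, message logged just before the gap)
    exceptions: (exception type, innermost stack frame or None)
    """
    stalls, exceptions, prev = [], [], None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            base, frac, tz, _level, msg = m.groups()
            # .NET prints 7 fractional digits; %f accepts at most 6.
            ts = datetime.strptime(f"{base}.{frac[:6]}{tz}", "%Y-%m-%dT%H:%M:%S.%f%z")
            if prev and (ts - prev[0]).total_seconds() >= stall_seconds:
                stalls.append((round((ts - prev[0]).total_seconds(), 1), prev[1]))
            prev = (ts, msg)
            continue
        e = EXC.match(raw)
        if e:
            exceptions.append([e.group(1), None])
            continue
        f = FRAME.match(raw)
        # Only the first frame after an exception header is recorded.
        if f and exceptions and exceptions[-1][1] is None:
            exceptions[-1][1] = f.group(1)
    return stalls, [tuple(x) for x in exceptions]
```

On the sample, `triage(SAMPLE)` reports a 130.8-second stall after "Entering TestConnection link" and a `System.NotImplementedException` whose innermost frame is `LdapConnectionPool.CreateBaseConnection`.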
