Error with dnstool.py remove about krbrelayx HOT 7 CLOSED

it's likely related to a combination of ldap3 / pyasn1 version since the errors are all occurring there

from krbrelayx.

Hey there, I'm digging this issue, I have also encountered it today. I was able to create, query and modify records but was unable to clean up after. It seems the ldapdelete action isn't doing anything. And I had the same errors when trying to remove the records.
Could anyone take a look at this? I'll try to find a fix on my side but I think the authors will be far more efficient that I would be on this 😅

from krbrelayx.

Further tests showed that using python instead of python3 could help. It may have been dependency issues on my end.

from krbrelayx.

Can confirm this works without issue when using python2.7 (impacket/ldap)

from krbrelayx.

Did some further digging and it turned out the issue was actually with the script and it more or less by chance worked in python 2. This is fixed now. I've also actually implemented the ldapdelete operation (which was previously missing).

from krbrelayx.

Hello, I just wanted to follow up and see if anybody has confirm that this functionality is now working, I ran the below and received the following back "SPN Modified successfully":

python3 addspn.py -u 'DOMAIN\unconstrainedhost$' -p 'REDACTED:REDACTED' -s HOST/attacker.DOMAIN.NET --remove domaincontroller

I see that when querying the host the msDs-AdditionalDNS for attacker.DOMAIN.NET is no longer present; however the ATTACKER$ record is still there.

from krbrelayx.

this thread is about the dns tool, not the SPN tool. You may need to repeat your command for the ATTACKER$ SPN to remove the netbios name which got added automatically.

from krbrelayx.