Aclpwn.Py - Active Directory ACL Exploitation With BloodHound

Aclpwn.py is a tool that interacts with BloodHound to identify and exploit ACL based privilege escalation paths. It takes a starting and ending point and will use Neo4j pathfinding algorithms to find the most efficient ACL based privilege escalation path. Aclpwn.py is similar to the PowerShell...

How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3

I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units OUs and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the...

openSUSE Security Update : python-mitmproxy (openSUSE-2019-581)

This update for python-mitmproxy fixes the following issues : The following security vulnerability was fixed : - CVE-2018-14505: Fixed multiple DNS rebinding attacks related to tools/web/app.py boo1102178 The following other issue was fixed : - Fixed a dependency issue with python-ldap3 boo110145...

Security update for python-mitmproxy (moderate)

This update for python-mitmproxy fixes the following issues: The following security vulnerability was fixed: - CVE-2018-14505: Fixed multiple DNS rebinding attacks related to tools/web/app.py boo1102178 The following other issue was fixed: - Fixed a dependency issue with python-ldap3 boo1101457...

Authentication Bypass

ldap3 is affected by an authentication bypass vulnerability. The rebind method of the Connection object allows for a successful rebind using an empty password after a correct bind with a valid password...