2017-12-17 09:46 UTC

ID: 0003821
Project: Kali Linux
Category: [All Projects] Kali Package Bug
View Status: public
Last Update: 2017-12-05 13:37
Reporter: TheNaterz
Assigned To:
Priority: normal
Severity: tweak
Reproducibility: always
Status: resolved
Resolution: fixed
Product Version: 2016.2
Target Version:
Fixed in Version: 2018.1
Summary: 0003821: polenum-0.2 inaccurately reports time values associated with password policies

Description:

polenum is a Python script used by enum4linux to report password policy information. We identified and fixed 2 issues related to this report.

In the first issue, polenum was using the 'days' variable for 1 hour and 1 minute values. These have been changed to the 'hours' and 'minutes' variables respectively. Polenum was also not correctly concatenating the time string. If a duration is set to 1 day 1 hour 1 minute (1501 minutes), polenum will report it as 1 minute. This has been fixed as well.

The second issue deals with how polenum was evaluating the 8-byte integer representing time values. Polenum was converting this number into 2 4-byte integers, determining if a value is 'Not Set' or 'None', then converting back into an 8-byte integer. If an account lockout period is set to a non-standard value (e.g. 61 minutes), the final 8-byte integer differs from the original and incorrectly reports the lockout period. We've submitted a fix for this so that the original 8-byte integer is preserved while still allowing for the ability to evaluate 'Not Set' and 'None' values.
Steps To Reproduce:

1st issue:

1. On a Windows host, set either 'Account lockout duration' or 'Reset account lockout counter after' to 60 minutes. (gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Account Policies > Account Lockout Policy). An 'Account lockout threshold' will need to be set to change these values.

2. Using enum4linux, and with the current polenum-0.2 in PATH, run the following command: ./enum4linux -u windows_username -p windows_password -P windows_host_ip

3. Either 'Locked Account Duration' or 'Reset Account Lockout Counter' will report 0 hour instead of 1 hour.

2nd issue:

1. On a Windows host, set either 'Account lockout duration' or 'Reset account lockout counter after' to 61 minutes.

2. Using enum4linux, and with the current polenum-0.2 in PATH, run the following command: ./enum4linux -u windows_username -p windows_password -P windows_host_ip

3. Either 'Locked Account Duration' or 'Reset Account Lockout Counter' will report 53 minutes instead of 1 hour 1 minute.
Additional Information:

We're currently hosting a patched version of polenum on our public GitHub: https://github.com/RiskSense-Ops/polenum. I've also attached the patched polenum.py script. Please review and let us know if any further issues are encountered.
Attached Files
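
The two behaviours described in this report, sketched as an added example (this is not the attached polenum.py or either project's code): the 8-byte field is decoded once as a signed 64-bit integer and never rebuilt from modified halves, and the duration string is built from all of days, hours and minutes. It assumes the field is a little-endian count of negative 100-ns ticks and that 'Not Set' and 'None' are encoded as low=0/high=-0x80000000 and as zero; all function names are hypothetical.

```python
import struct

TICKS_PER_MINUTE = 60 * 10_000_000  # 100-ns ticks in one minute
NOT_SET = -(1 << 63)  # assumed sentinel: low == 0, high == -0x80000000


def join_halves(low, high):
    """Rebuild the signed 64-bit value from unsigned low / signed high dwords."""
    return (high << 32) | (low & 0xFFFFFFFF)


def format_interval(raw):
    """Render a signed 64-bit interval (negative 100-ns ticks) as text."""
    if raw == NOT_SET:
        return "Not Set"
    if raw == 0:
        return "None"
    minutes = abs(raw) // TICKS_PER_MINUTE
    days, rem = divmod(minutes, 1440)
    hours, mins = divmod(rem, 60)
    parts = []
    # Each unit uses its own counter and its own label, and every non-zero
    # unit is appended, so 1501 minutes is not truncated to "1 minute".
    for value, unit in ((days, "day"), (hours, "hour"), (mins, "minute")):
        if value:
            parts.append(f"{value} {unit}{'' if value == 1 else 's'}")
    return " ".join(parts) if parts else "less than 1 minute"


def decode(blob):
    """Decode an 8-byte little-endian field in one step, then format it."""
    (raw,) = struct.unpack("<q", blob)
    return format_interval(raw)


def encode(minutes):
    """Constructed sample input: the 8-byte field for a given duration."""
    return struct.pack("<q", -minutes * TICKS_PER_MINUTE)


if __name__ == "__main__":
    for m in (60, 61, 1501):
        blob = encode(m)
        low, high = struct.unpack("<Ii", blob)  # the two 4-byte views
        # Recombining unmodified halves must give back the original value.
        assert join_halves(low, high) == struct.unpack("<q", blob)[0]
        print(m, "minutes ->", decode(blob))
```
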


Notes

~0006245

TheNaterz (reporter)

Actually, a much more decent polenum can be found here: https://github.com/Wh1t3Fox/polenum

Notably, this version is more regularly maintained and also supports the latest impacket dcerpc v5 library.

~0007664

sbrun (manager)

fixed in new version 1.4-0kali1

Issue History
Date Modified Username Field Change
2017-01-06 18:47 TheNaterz New Issue
2017-01-06 18:47 TheNaterz File Added: polenum.py
2017-01-13 18:35 TheNaterz Note Added: 0006245
2017-12-05 13:36 sbrun Note Added: 0007664
2017-12-05 13:37 sbrun Status new => resolved
2017-12-05 13:37 sbrun Resolution open => fixed
2017-12-05 13:37 sbrun Fixed in Version => 2018.1