Skip to content

Instantly share code, notes, and snippets.

@astockwell
Last active June 8, 2020 10:09
Show Gist options
  • Save astockwell/359c950fbc650c339eea to your computer and use it in GitHub Desktop.
Save astockwell/359c950fbc650c339eea to your computer and use it in GitHub Desktop.
Decoding Oracle Raw(16), in Python 3 and Ruby 2
def split_into_chunks(string, chunk_length=2):
chunks = []
while len(string) > 0:
chunks.append(string[:chunk_length])
string = string[chunk_length:]
return chunks
def to_oracle_raw16(string, strip_dashes=True, dashify_result=False):
oracle_format_indices = [3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15]
if strip_dashes:
string = string.replace("-", "")
parts = split_into_chunks(string)
result = ""
for index in oracle_format_indices:
result = result + parts[index]
if dashify_result:
result = result[:8] + '-' + result[8:12] + '-' + result[12:16] + '-' + result[16:20] + '-' + result[20:]
return result
def pack_guid(string):
return bytearray.fromhex(to_oracle_raw16(string))
def unpack_guid(ba):
hex_s = "".join("%02x" % b for b in ba)
return to_oracle_raw16(hex_s, True, True)
module GuidSplitter
def self.to_oracle_raw16(string, strip_dashes=true, dashify_result=false)
oracle_format_indices = [3, 2, 1, 0, 5, 4, 7, 6, 8, 9, 10, 11, 12, 13, 14, 15]
string = string.gsub("-"){ |match| "" } if strip_dashes
parts = split_into_chunks(string)
result = oracle_format_indices.map { |index| parts[index] }.reduce("", :+)
if dashify_result
result = [result[0..7], result[8..11], result[12..15], result[16..19], result[20..result.size]].join('-')
end
return result
end
def self.split_into_chunks(string, chunk_length=2)
chunks = []
while string.size >= chunk_length
chunks << string[0, chunk_length]
string = string[chunk_length, string.size]
end
chunks << string unless string.empty?
return chunks
end
def self.pack_guid(string)
[to_oracle_raw16(string)].pack('H*')
end
def self.unpack_guid(hex)
to_oracle_raw16(hex.unpack('H*').first, true, true)
end
end
# after `pip install ldap3`
from ldap3 import Server, Connection, SIMPLE, SYNC, ASYNC, SUBTREE, ALL
s = Server('10.0.0.101', port = 636, use_ssl = True)
c = Connection(s, auto_bind = True, client_strategy = SYNC, user='user', password='password', authentication=SIMPLE)
search_filter = '(&(objectClass=group)(cn={0}))'.format("GroupXYZ")
c.search(
search_base = 'DC=company,DC=com',
search_filter = search_filter,
attributes = ['cn', 'objectGUID']
)
group = c.response
print(group[0]['attributes']['objectGUID'][0])
# => b"25\xe1'\x8a\xc6\xdbF\x98\x9d\x9f\xac\xed:N\x7f"
print(unpack_guid(group[0]['attributes']['objectGUID'][0]))
# => 27e13532-c68a-46db-989d-9faced3a4e7f
from ldap3.utils.conv import escape_bytes
target_group_guid = "27e13532-c68a-46db-989d-9faced3a4e7f"
packed = pack_guid(target_group_guid)
search_filter = '(&(objectClass=group)(objectGUID={0}))'.format(escape_bytes(packed))
c.search(
search_base = 'DC=company,DC=com',
search_filter = search_filter,
attributes = ['cn', 'objectGUID']
)
group = c.response
print(group[0]['attributes']['cn'][0])
# => "GroupXYZ"
require 'net/ldap'
require './parse_guid'
@ldap = Net::LDAP.new(
:host => '10.0.0.101',
:port => 636,
:encryption => :simple_tls,
:auth => {
:method => :simple,
:username => 'user',
:password => 'password'
}
)
raise "LDAP Bind failed to ldap" unless @ldap.bind
query = "(&(objectClass=group)(cn=GroupXYZ))"
results = @ldap.search(
:filter => Net::LDAP::Filter.construct(query),
:base => "DC=company,DC=com",
:attributes => [:cn, :objectGUID],
)
p results.first.objectguid.first
# => "25\xE1'\x8A\xC6\xDBF\x98\x9D\x9F\xAC\xED:N\x7F"
p GuidSplitter::unpack_guid(results.first.objectguid.first)
# => "27e13532-c68a-46db-989d-9faced3a4e7f"
target_group_guid = "27e13532-c68a-46db-989d-9faced3a4e7f"
query = "(&(objectClass=group)(cn=#{ GuidSplitter::pack_guid(target_group_guid) }))"
results = @ldap.search(
:filter => Net::LDAP::Filter.construct(query),
:base => "DC=company,DC=com",
:attributes => [:cn, :objectGUID],
)
p results.first.cn.first
# => "GroupXYZ"
@vincenthe11
Copy link

GroupXYZ is?

@SaltwaterC
Copy link

Thanks. I thought I was having a stroke. Seeing that the GUID's have the same bytes, but under a different order, doesn't make a lot of sense when reading raw output from Net::LDAP for the first time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment