Skip to content

Add mssql_cbt checker module#1047

Open
Dfte wants to merge 5 commits intoPennyw0rth:mainfrom
Dfte:main
Open

Add mssql_cbt checker module#1047
Dfte wants to merge 5 commits intoPennyw0rth:mainfrom
Dfte:main

Conversation

@Dfte
Copy link
Contributor

@Dfte Dfte commented Dec 24, 2025

This PR adds the mssql_cbt module used to check whether Channel Binding is required or not.

IMPORTANT: this PR requires fortra/impacket#2098 being merged as I need to be able to inject a fake CBT value to test whether authentication works or not.

  • If required:
image
  • If not required (can be Never or Accepted):
image

Note that CBT cannot be computed on local_auth or if TLS is not enforced (which explains the two first if else).

@NeffIsBack
Copy link
Member

Awesome!

@Marshall-Hallenbeck
Copy link
Collaborator

@Dfte can you update this PR to use our template?

cbt_fake_value=b""
)

log_result(success)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably a bit overkill to call a method. Just do if success: log(connection successfull...); else: log(connection unsuccessful...)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah you are right. Initially I had to use that in order not to duplicate code. Will remove now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants