Hi all, please help me analyze the cause of the problem in my environment.
Because it needed to be imported into a simulator, I modified part of the configuration.
1. Network topology:
watchad: 10.1.2.104
ad: 10.1.1.101
watchad and the domain controller are reachable over the network (ping works); I access http://10.1.2.104 directly from the domain controller.
———————————————————————————————————————————————————————
2. .env file:
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# cat .env
# Kafka config; must be changed to the current server's IP
KAFKAHOST=10.1.2.104
KAFKAADV=PLAINTEXT://10.1.2.104:9092
BROKER=10.1.2.104:9092
# Mongo config; default username and password
MONGOUSER=IATP
MONGOPWD=IATP-by-360
# Domain controller config; DCUSER is the DN of a domain user
DCNAME="Cancer.com"
DCSERVER=10.1.1.101
DCUSER="CN=Administrator,CN=Users,DC=Cancer,DC=com"
#DCUSER="[email protected]"
DCPWD="Aa123..."
# Web config; can be set to any domain user, or to the CN of DCUSER
WEBUSER="Administrator"
3. Dockerfile:
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# cat Dockerfile
FROM golang:1.17.1-buster as builder
# Set the environment variables the image needs
ENV GO111MODULE=on \
    GOPROXY=https://goproxy.cn,direct
WORKDIR /go/src
COPY ./ /go/src/iatp_opensource
RUN cd /go/src/iatp_opensource && go mod vendor
RUN cd /go/src/iatp_opensource && go build -o /go/iatp main.go
# Set the --disable-legacy-registry parameter to true
# (DISABLE_LEGACY_REGISTRY is never declared with ARG, so it expands to empty and the
# branch is skipped; the file it would write lives in the builder container, not on the host daemon)
RUN if [ "$DISABLE_LEGACY_REGISTRY" = "true" ]; then \
      echo "disable-legacy-registry=true" >> /etc/docker/daemon.json; \
    fi
FROM centos
WORKDIR /home
COPY ./.env ./.env
COPY ./entrypoint.sh ./entrypoint.sh
COPY ./iatp_wbm/static ./iatp_wbm/static
COPY ./iatp_wbm/templates ./iatp_wbm/templates
COPY --from=builder /go/iatp ./iatp
RUN chmod 755 ./iatp
RUN chmod 755 ./entrypoint.sh
# Run
# ./iatp run --web_start1
CMD ["./entrypoint.sh"]
#CMD ["./iatp","run","--web_start"]
———————————————————————————————————————————————————————
4. logs:
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# docker logs -f -n 300 watchad20-master-iatp-1
[+] CANCER domain registration failed: no domain controller found.
Creating log cache....
[-] Loading authentication domain config failed: this domain is not registered in the database, mongo: no documents in result
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xe25a43]
goroutine 1 [running]:
iatp/cmd.glob..func4(0x1a7f740, {0x1039ae7, 0x5, 0x5})
/go/src/iatp_opensource/cmd/web.go:55 +0x1a3
github.com/spf13/cobra.(*Command).execute(0x1a7f740, {0xc0002132c0, 0x5, 0x5})
/go/src/iatp_opensource/vendor/github.com/spf13/cobra/command.go:860 +0x5f8
github.com/spf13/cobra.(*Command).ExecuteC(0x1a7efc0)
/go/src/iatp_opensource/vendor/github.com/spf13/cobra/command.go:974 +0x3bc
github.com/spf13/cobra.(*Command).Execute(...)
/go/src/iatp_opensource/vendor/github.com/spf13/cobra/command.go:902
iatp/cmd.Execute()
/go/src/iatp_opensource/cmd/root.go:47 +0x25
main.main()
/go/src/iatp_opensource/main.go:21 +0x17
==> engine.log <==
==> web.log <==
==> engine.log <==
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Local Dump Ntds","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"AS-REP Abnormal Response","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Resource Based Constraint Delegation","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"GPO DELEGATION","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Shadow Credentials","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"SID History","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"NEW GPO","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"DCShadow","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"SPN Jacking","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"ZeroLogon","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"samAccountName Spoofing","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"SpoolSample","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Remote Code Execute","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Similar Dc User","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"ADCS-ESC","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"MS17-010","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"DCSync","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Explicit Credential","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"DSRM Change","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Abnormal Permissions","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Create Machine User","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Kerberoasting","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Clear Log","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Reset Account Password","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Close Log Service","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"JuicyPotato","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"NTLM Relay","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Certificate Active","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"TGT Activities","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerBypassplugins","level":"info","msg":"loading real-time log detection plugin","plugin_name":"Skeleton Key","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start","level":"info","msg":"IATP configuration loaded","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.Start.func3","level":"info","msg":"scheduled task service started","time":"2023-09-20 15:03:29"}
{"appName":"IATP Engine","file":"iatp.go","func":"iatp/iatp.registerSourceEvent","level":"info","msg":"data source started","source_name":"ITEvent","time":"2023-09-20 15:03:29"}
==> web.log <==
Now listening on: http://0.0.0.0
Application started. Press CTRL+C to shut down.
==> engine.log <==
2023/09/20 15:29:38 Sarama consumer up and running!...
==> web.log <==
2023/09/20 15:29:45 net/http: invalid Cookie.Domain ".2.104"; dropping domain attribute
———————————————————————————————————————————————————————
5. docker ps:
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ae462e82893a watchad20-master-iatp "./entrypoint.sh" 11 minutes ago Up 11 minutes watchad20-master-iatp-1
68ef7e72add5 wurstmeister/kafka "start-kafka.sh" 11 minutes ago Up 11 minutes 0.0.0.0:9092->9092/tcp, :::9092->9092/tcp watchad20-master-kafka-1
705fae2ec29b wurstmeister/zookeeper "/bin/sh -c '/usr/sb…" 11 minutes ago Up 11 minutes 22/tcp, 2888/tcp, 3888/tcp, 0.0.0.0:2181->2181/tcp, :::2181->2181/tcp watchad20-master-zookeeper-1
f206162b28a1 mongo:4.2 "docker-entrypoint.s…" 11 minutes ago Up 11 minutes 0.0.0.0:27017->27017/tcp, :::27017->27017/tcp watchad20-master-mongo-1
———————————————————————————————————————————————————————
6. docker-compose.yml:
root@watchadmin:/opt/watchadmin/WatchAD2.0-master# cat docker-compose.yml
version: '3'
services:
  zookeeper:
    image: wurstmeister/zookeeper
    ports:
      - "2181:2181"
  kafka:
    image: wurstmeister/kafka
    ports:
      - "9092:9092"
    depends_on:
      - zookeeper
    environment:
      # broker address that clients will connect to
      KAFKA_ADVERTISED_HOST_NAME: ${KAFKAHOST}
      KAFKA_BROKER_ID: 1
      # connect to zookeeper via its port
      KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
      # The outside network only sees the container name; with the internal and
      # external networks isolated, Kafka cannot be reached by that name,
      # so bind this listener so that external clients are advertised an IP
      KAFKA_ADVERTISED_LISTENERS: ${KAFKAADV}
      # Kafka listener: tells external connectors which protocol to use to reach
      # the Kafka service exposed on the given hostname and port.
      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:9092
      # Kafka log directory
      KAFKA_LOG_DIRS: "/kafka/logs"
    volumes:
      - ./data/kafka/logs:/kafka/logs
  mongo:
    image: mongo:4.2
    ports:
      - "27017:27017"
    environment:
      MONGO_INITDB_ROOT_USERNAME: ${MONGOUSER}
      MONGO_INITDB_ROOT_PASSWORD: ${MONGOPWD}
    volumes:
      - ./data/mongo:/data/db
  iatp:
    build: .
    network_mode: host
    depends_on:
      - kafka
      - mongo
———————————————————————————————————————————————————————
7. Domain controller configuration:
———————————————————————————————————————————————————————
I don't know why the registration fails. I have also looked at the answers in other issues and tried changing the .env file, but it still doesn't succeed. Please help me analyze the cause. Many thanks.
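The last web.log line is Go's net/http refusing a cookie attribute: when (*http.Cookie).String serialises a cookie whose Domain is neither a valid host name nor an IP literal, it logs exactly that warning and drops the attribute, so the session cookie is still set, but host-only. A value of ".2.104" is what you get by keeping the last two labels of the request host 10.1.2.104 and prefixing a dot; that is a guess about how the web service derived it, not something the log proves. The Go example below is added here and is not the project's code: it shows that derivation beside one that never emits a Domain for IP literals and only uses a configured parent domain the host actually lies under. The cookie name and the hardening attributes are this example's choices.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"strings"
)

// naiveCookieDomain is this example's guess at how the logged value arose:
// take the last two labels of the request host and prefix a dot, giving
// ".cancer.com" for "watchad.cancer.com" but ".2.104" for "10.1.2.104".
func naiveCookieDomain(host string) string {
	parts := strings.Split(host, ".")
	if len(parts) < 2 {
		return ""
	}
	return "." + strings.Join(parts[len(parts)-2:], ".")
}

// cookieDomainFor returns the Domain attribute for a session cookie, or ""
// meaning host-only: the attribute is omitted and the browser returns the
// cookie only to the exact host the user reached. IP literals, localhost and
// single-label names never get a Domain; other hosts get configuredParent
// only when they actually lie under it.
func cookieDomainFor(host, configuredParent string) string {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // strip an explicit port such as 10.1.2.104:80
	}
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	if net.ParseIP(host) != nil || host == "localhost" || !strings.Contains(host, ".") {
		return ""
	}
	p := strings.TrimPrefix(strings.ToLower(configuredParent), ".")
	if p != "" && strings.HasSuffix(host, "."+p) {
		return p
	}
	return ""
}

// sessionCookie builds the cookie with hardening attributes set; String()
// is the form net/http writes into the Set-Cookie header.
func sessionCookie(host, parent, value string) *http.Cookie {
	return &http.Cookie{
		Name:     "iatp_session", // assumed name
		Value:    value,
		Path:     "/",
		Domain:   cookieDomainFor(host, parent),
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteLaxMode,
	}
}

// hasDomainAttr reports whether net/http kept the Domain attribute when
// serialising; an invalid one is dropped with the warning seen in web.log.
func hasDomainAttr(c *http.Cookie) bool {
	return strings.Contains(c.String(), "; Domain=")
}

func main() {
	for _, host := range []string{"10.1.2.104", "watchad.cancer.com"} {
		naive := &http.Cookie{Name: "s", Value: "v", Domain: naiveCookieDomain(host)}
		fmt.Printf("%-20s naive Domain=%q kept=%v | fixed: %s\n",
			host, naive.Domain, hasDomainAttr(naive), sessionCookie(host, "cancer.com", "v").String())
	}
}
```

Secure: true is the right default but means a browser will not send the cookie over the plain http://10.1.2.104 URL used in the post; either terminate TLS in front of the web service or drop that flag while testing. A Domain of cancer.com also sends the cookie to every other host under that domain, which is the reason for preferring host-only cookies when nothing needs the wider scope.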