Microsoft AD DS - Encoding msDFS-TargetListv2
Posted Mon 27 Mar 2023 11:21:14 AM CEST
Florian Lohoff
When looking for exporting the DFS targets from an AD DS dump created with ldifde you stumple upon tons of issues with bullshit microsoft creates.
First they create an .xml file with information, put this into the AD attribute msDFS-TargetListv2 and fuck up the base64 encoding beyond repair in ldifde:
See this?
\\48AD8AeABtAGwAIAB2AGUAcgBzAGkAbwBuAD0AIgAxAC4AMAAiACAAZQBuAGMAbwBkAGkAbgBnAD
0AIgB1AHQAZgAtADEANgAiAD8APgANAAoAPAB0AGEAcgBnAGUAdABzACAAbQBhAGoAbwByAFYAZQBy
Okay - this looks like base64 except the "\" at the beginning. Removing the \ breaks the base64 so you'll need them
After playing around a bit Microsoft fucked this up by replacing the needed "//" with "\".
I guess they simply pushed stuff after the base64 encoder through the filepath decoder or something.
Fucked up beyond repair