search

Kevin-Robertson / Inveigh

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
BSD 3-Clause "New" or "Revised" License
2.44k stars 433 forks source link

Exception Calling "Write" and "Read" After Successful Auth due to Conenction being Forcibly Closed By Remote Host #25

Closed e-fin closed 3 years ago

e-fin commented 3 years ago
Screen Shot 2020-09-25 at 12 57 57 PM

Above is the screenshot of what happens when I run the identical commands that are in the screenshot at the bottom of the wiki (https://github.com/Kevin-Robertson/Inveigh/wiki). The IP and command is changed for the appropriate target and a basic New-Item powershell command for testing.

The read issue started when I tried to do it from the domain admin account instead of the local admin. Ive disabled firewalls on both systems, disabled SMB signing, and even tried using Inveigh 1.4 because the machines are a little out of date, I might even try 1.3 if I cant figure this out but I dont think thats the issue.

If I can provide any more information please let me know! Thanks in advance to anyone who can give me a point in the right direction, im starting to feel like ive hit a brick wall.

e-fin commented 3 years ago
Screen Shot 2020-09-25 at 1 14 44 PM

Here is the output when I try to authenticate with the correct domain admin creds, I still get the forcibly closed issue

e-fin commented 3 years ago

It seemed to resolve itself after I grabbed a coffee, not sure what changed exactly either than me authenticating as the domain Administrator which previously didnt work