Closed jsdhasfeds closed 2 years ago
Hey there! Strange... it should work. Can you attack screenshots or logs of your tests? Please use -vv
to have debug level logs.
Sure! In the screenshot you see a working TGT request, export of the credential cache, a list of the active ticket and the attempt to add shadow credentials authenticating using Kerberos which fails. I used the flag "-vv" for that but I got no extra output.
At the end of the screenshot you see a working example of adding shadow credentials authenticating using a plaintext password and using the same accounts and the same DC as above.
Hey @jsdhasfeds, I just created a PR solving the issue, feel free to try it out :)
Should be fixed in #3 and #4, closing the issue, feel free to open it again if needed :wink:
Hi. Thank you very much for your time writing this tool!
I can successfully add shadow credentials when authenticating using a plaintext password but when I try the same using Kerberos authentication on the same machine in the same "session" it fails with "invalid server address". I have tested all kind of variations of the parameters such as "-d [domain]" and "--dc-ip [DC IP]" in various locations of the command but I always get the same error. Note that I have no issues using for example Impacket's secretsdump script with Kerberos in the same environment.
I also noted that you have not used the "-k" parameter in any of your examples here so I cannot check my command against an example.