Describe the bug
Access denied while trying to dump NTDS using the drsuapi method. It was performed with the primary DC machine account, which is not local admin on its machine.
The expected behavior is that it should have worked, since it is working with impacket secretsdump.
To Reproduce
The bug might be hard to reproduce since it may be caused by an irregular config in the environment in which it was found. In any case, here is what I performed:
# crackmapexec --verbose smb 192.168.1.1 -u 'DC$' -H redactedNTLMhash --ntds drsuapi
SMB 192.168.1.1 445 DC [*] Windows Server 2016 Datacenter 14393 x64 (name:DC) (domain:CONTOSO.local) (signing:True) (SMBv1:True)
SMB 192.168.1.1 445 DC [+] CONTOSO.local\DC$ redactedNTLMhash
SMB 192.168.1.1 445 DC [-] RemoteOperations failed: DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied
Crackmapexec info