Closed jsdhasfedssad closed 10 months ago
Hi @jsdhasfedssad how have you solved this point ? Only RC4 is currently supported by the tool ?
I think the problem is that only the DNS server supports actual relaying, the other services only support unconstrained delegation abuse, which requires encryption keys to be provided.
In my case I was trying to perform an ESC8 attack from a mitm6 poisoning to an ADCS web endpoint that only supports Kerberos authentication. The poisoning works well and the relay too, the error araised during the certificate request. But I guess the problem comes from an autoenrollment issue on the targeted template
Hi,
I can successfully perform the ADCS attack that you describe here. However, once I try for example targeting LDAPS on a DC in order to add a computer account it always fails with the error "Could not find the correct encryption key! Ticket is encrypted with keytype 18, but keytype(s) were supplied".
This is how I configure mitm6:
After this I disable then reenable the NIC on the machine I MITM using mitm6 (client1.adlab.local/10.0.0.210) in order for the machine to be MITM.
This is how I trigger a Kerberos authentication on the machine I MITM using mitm6 (client1.adlab.local/10.0.0.210):
This is how I configure krbrelayx and the error I get:
The DC is running a fully patched Server 2019 and the client is running a fully patched Windows 10.
Is this a bug or am I doing something wrong?