Open s0i37 opened 2 years ago
One thing that immediately stands out are these two lines:
[*] SMBD-Thread-4: Connection from CORP/CRM2016$@10.0.0.100 controlled, attacking target ldap://10.0.0.10
[-] Authenticating against ldap://10.0.0.10 as USSC/CRM2016$ FAILED
It seems it's trying to authenticate as USSC/CRM2016$ using creds for CORP/CRM2016$. Any idea where the USSC might come from?
No no. My mistake. USSC=CORP. I just manual replace it.
Hi @s0i37! Do you have a packet capture?
Thanks!
Unfortunately I cant provide packet capture by security reason. Probably you can understand the reason by pictures.
I have the opposite problem. CVE-2019-1040 scanner says it's not vulnerable, however --remove-mic was successful.
Probably it was NetNTLMv1?
Configuration
impacket version: 0.9.24 Python version: Python 3.9.2 Target OS: Kali GNU/Linux Rolling x64
Debug Output With Command String
So, relay SMB->LDAP doesn't work.
Additional context