Open 0xfalafel opened 4 months ago
Hello @Faelian, this seems to be the expected behavior as current code it's expecting to match the target parameter with the response from the remote oxid resolver (https://github.com/fortra/impacket/blob/master/impacket/dcerpc/v5/dcomrt.py#L1254). In your case dc01.blackfield.local and 10.10.10.192 were answered as valid remote addresses to connect to, despite being able to resolve the remote IP by touching /etc/hosts
Configuration
impacket version: v0.12.0.dev1+20231015.203043.419e6f24 Python version: 3.11 Target OS: Microsoft Windows Server 2019 Standard - 10.0.17763 N/A Build 17763
Context
I was doing the Blackfield machine from hackthebox. And I was surprised to see that
wmiexec.py
failed to connect toblackfield.local
when using the administrator's hash.My
/etc/hosts
configuration has a line forblackfield.local
:Failing command
Alternative working commands
The command fail when using
blackfield.local
, but works correctly when usingdc01.blackfield.local
, or directly the IP address10.10.10.192
.dc01.blackfield.local
10.10.10.192
Additional context
Looking at the logs, we see that no
StringBinding
is chosen when using the domain from/etc/hosts
.blackfield.local
While a
StringBinding
is chosen in the other 2 cases.dc01.blackfield.local
10.10.10.192