jas594
commented
2 weeks ago I have also encountered this issue a few times
Open spextat0r opened 1 month ago
jas594
commented
2 weeks ago I have also encountered this issue a few times
So as the title alludes Certipy v4.8.2 seems to fail to relay to both RPC and HTTP when the client has Require SMB Signing turned on. ntlmrelayx does not seem to have this issue and inspecting the SMB negotiation protocol with Wireshark between the two tools I cannot see an difference between the two other than Certipy sending a STATUS_MORE_PROCESSING_REQUIRED flag after the NTLMSSP_NEGOTIATE packet.
Googling the SMB error I get a Microsoft Page titled "System error 2148073478, extended error, or Invalid Signature error message on SMB connections in Windows Server 2012 or Windows 8" so it seems that the issue is indeed tied to SMB Signing
Setting client signing to be if server agrees this is the new output
Looking at the Wireshark capture this is all that occurs when signing is required
Here is the same required signing settings but with ntlmrelayx