Closed n8zwn closed 4 years ago
I thought I should mention that the credentials are valid and if I run the psexec module in metasploit, then execute mimikatz that I don't see any errors, which then pulls the clear text creds. These errors happen in the mimikatz module as well.
Hi @n8zwn,
Often times I have found the issue with the mimikatz/ironkatz payloads is the timeout. The payload is not given enough time to download & execute before the results are checked by AR3. However, I would expect the error to be returned in PowerShell not the Python code (specifically in the Impacket library).
What version of Impacket are you using?
pip3 freeze|grep impacket
For example, I am using a Kali Linux OS with:
I have just tested both the ironkatz and mimikatz payloads successfully on a Windows 2012r2, but still working on compatibility with more OS versions. (Was debating releasing a compatibility worksheet outlining AR3 features and OS versions they have been tested against)
I saw you are using 3.7 so I will do some additional testing with that version. Also, this is a great tool so I appreciate you being so responsive!
Looks like the error does not happen anymore after changing my version of python. Not getting anything back, but that could be due to the timeout. I know that at least a 30 second wait did not get the data back. I will close this out
I'm glad the error has gone away! However, I agree, we will have to put in some more work to perfect the mimikatz/ironkatz modules.
Here is some errors that I have seen when running ironkatz, it is worth noting that in the for loop that these errors did not stop it from going on to the next host:
The command as I was running it:
activereign enum -u user -p password --local-auth -M ironkatz $ip
I also ran it in a for loop because when I fed it the target file with 930 IPs, it got stuck and never finished.