Closed kevthehermit closed 4 years ago
Looks like this is the result of a change in Impacket - see SecureAuthCorp/Impacket@b867b21
I was able to fix it by replacing the following code at lines 93-95 in set_empty_pw.py:

```python
request["ClearNewPassword"] = nrpc.NL_TRUST_PASSWORD()
request["ClearNewPassword"]["Buffer"] = b'\x00'*512
request["ClearNewPassword"]["Length"] = 0 # It winds up being 516 bytes mentioned in the Secura whitepaper because this is 4 bytes
```

with this:

```python
cnp = nrpc.NL_TRUST_PASSWORD()
cnp['Buffer'] = b'\x00'*512
cnp['Length'] = 0
request["ClearNewPassword"] = cnp.getData()
```
Updated to support new Impacket changes in https://github.com/risksense/zerologon/commit/05ba66e088797fd2f8e2efcd4dfbd80d64e801f6 . Thanks for reporting and thanks for investigating.
set_empty_pw hits an error and is not successful; see error below.
Other POCs worked OK