Get the error while trying to connect to the server

taviso / ctftool

Interactive CTF Exploration Tool

Apache License 2.0

1.64k stars 271 forks source link

Get the error while trying to connect to the server #11

Open streetracer87 opened 5 years ago

streetracer87 commented 5 years ago

I'm getting the failed message. What can cause this issue?

taviso commented 5 years ago

What OS is this on? 0xc0000041 is STATUS_PORT_CONNECTION_REFUSED, it might be caused by the recent changes Microsoft made if you applied the August security patches.

I haven't had time to understand the recent changes yet, but will support it soon! I think Microsoft changed the size of the connection message, so it no longer matches.

JoeDibley commented 5 years ago

Can confirm this is the August Security Update

ivanquin33 commented 5 years ago

I had the same problem "Failed to send message to server, giving up, 0xc0000024" running the ctftool.exe with non-admin account on a Windows 7 x64 VM with no updates at all.

k4nfr3 commented 5 years ago

Confirm too. It worked before applying the security update last night, and no longer today (Win10). Looks like a quick and dirty fix

ibrasec commented 5 years ago

same issue here, although no updates done to win7, but the exploit didn't sucess, instead the user just logged out untill he pass the authentication. this message keep appearing "Failed to send message to server, giving up, 0xc0000024"

1-loginui-system-failed 2-consent-systemfailed 3-scan-connect-scan 4-winver 5-updates

ingm4r commented 5 years ago

Any news on this?

ustayready commented 5 years ago

Anyone diff the August Security Update yet to see what changed? If I get some time this weekend, I'll see what I can find.

taviso commented 5 years ago

I'm told there are more changes planned for next Patch Tuesday to address the edit session attacks, so I'm reluctant to do too much work on this until the new patches are released. I guess we'll see what happens!

ustayready commented 5 years ago

That makes sense. I appreciate the heads up, I may stand down until after Tuesday too.

ustayready commented 5 years ago

I went ahead and looked into the MSU, looks like the only ALPC changes I found were in CoreMessaging.dll so I diff'd pre-August vs. August. Two partial matches:

Microsoft::CoreUI::Registrar::ServerConversationOperations::RegisterConversation Microsoft::CoreUI::Registrar::RegistrarServerCaller::LocalClientDisconnected_MessageCall

Figured I'd at least update this issue with some notes in case it becomes useful.

Ziowebbo commented 4 years ago

I'm told there are more changes planned for next Patch Tuesday to address the edit session attacks, so I'm reluctant to do too much work on this until the new patches are released. I guess we'll see what happens!

any update on this after many months? :)