Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ERROR kull_m_kerberos_asn1_net_SendAndRecv ; Packet size + 4 != Kerberos Packet Size #13

Open
Meatballs1 opened this issue May 21, 2019 · 1 comment

Comments

@Meatballs1
Copy link

  kekeo # tgs::s4u /tgt:[email protected][email protected] /user:administrator /service:cifs/sphere.quentin.org /ptt
Ticket  : [email protected][email protected]
  [krb-cred]     S: krbtgt/QUENTIN.ORG @ QUENTIN.ORG
  [krb-cred]     E: [00000012] aes256_hmac
  [enc-krb-cred] P: user @ QUENTIN.ORG
  [enc-krb-cred] S: krbtgt/QUENTIN.ORG @ QUENTIN.ORG
  [enc-krb-cred] T: [21/05/2019 23:51:35 ; 22/05/2019 09:51:35] {R:28/05/2019 23:51:35}
  [enc-krb-cred] F: [40e10000] name_canonicalize ; pre_authent ; initial ; renewable ; forwardable ;
  [enc-krb-cred] K: ENCRYPTION KEY 18 (aes256_hmac      ): 8ef924459b58faeb940ba1114b8cc1b97aee61eee7bf3377bcf1154a01549693
  [s4u2self]  administrator
[kdc] name: TORUS.QUENTIN.ORG (auto)
[kdc] addr: 10.10.45.174 (auto)
ERROR kull_m_kerberos_asn1_net_SendAndRecv ; Packet size + 4 != Kerberos Packet Size

Windows 2016 DC - Wireshark shows the packet correctly - a TGS REP of 166 bytes.

@Meatballs1
Copy link
Author

Meatballs1 commented May 21, 2019

Note this domain only supports AES 256. The TGT was retrieved with /aes256

If I try /aes256 with TGS:s4u I get:

KDC_ERR_BADOPTION (13) - 22/05/2019 00:04:05

In wireshark I see a TGS-REQ then a valid TGS-REP then another TGS-REQ before the KRB error which says 'STATUS NOT SUPPORTED' - although that could just be my exploitation scenario failing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant