COMException during relay #9

Open
marlin771 opened this issue May 4, 2022 · 7 comments

marlin771 commented May 4, 2022

Hello!

Unable to complete relay (sensitive data removed)

Exception thrown at 0x00007FFBB21D8BED (clr.dll) in KrbRelayUp.exe: 0xC0000005: Access violation reading location 0x0000000000000010.

KrbRelayUp - Relaying you to SYSTEM

[+] Computer account "eval299$" added with password "P@ssf3st!123"
[+] Rewriting function table
[+] Rewriting PEB
[+] Init COM server
[+] Register COM server
[+] Forcing SYSTEM authentication
[+] Got Krb Auth from NT/SYSTEM. Relying to LDAP now...
System.Runtime.InteropServices.COMException (0x800706C0): A remote procedure call (RPC) protocol error occurred.
A remote procedure call (RPC) protocol error occurred.
 at KrbRelayUp.Relay.Ole32.CoGetInstanceFromIStorage(COSERVERINFO pServerInfo, Guid& pclsid, Object pUnkOuter, CLSCTX dwClsCtx, IStorage pstg, UInt32 cmq, MULTI_QI[] rgmqResults)
at KrbRelayUp.Relay.Relay.Run(String aDomain, String aDomainController, String aComputerSid, String aPort) in C:\root\KrbRelayUp-main\KrbRelayUp-main\KrbRelayUp\Relay\Relay.cs:line 183


Further debugging via Visual Studio:

Exception thrown at 0x00007FFBB21D8BED (clr.dll) in KrbRelayUp.exe: 0xC0000005: Access violation reading location 0x0000000000000010.

@vysecurity

Having same problem too.


tothi commented May 10, 2022

Also have a config where this issue came up. The same happens if using the original KrbRelay (to LDAP) before getting a successful LDAP relay. Perhaps a mitigation setting other than LDAP signature enforcement / channel binding?

Owner

Dec0ne commented May 10, 2022

Does it work after logout->login?
Or if you use:
Rubeus.exe asktgt /user:lowprivuser /password:something /ptt
Just checking something, let me know..


vysecurity commented May 10, 2022 via email

@dstyvsky

asktgt works normally for me and I am having the same error stated above with krbrelayup

@dev-2null

I'm getting the same error in corp env, the COM server does not return apRep1 back to the client. In Wireshark the Auth Info Kerberos SSP is missing in the "bind_ack" packet.


konghv commented Mar 20, 2023

I get the same problem. Did anyone resolve this issue?
