Dec0ne/KrbRelayUp

COMException during relay

Opened this issue · 7 comments

Hello!

Unable to complete relay (sensitive data removed)

Exception thrown at 0x00007FFBB21D8BED (clr.dll) in KrbRelayUp.exe: 0xC0000005: Access violation reading location 0x0000000000000010.

KrbRelayUp - Relaying you to SYSTEM

[+] Computer account "eval299$" added with password "P@ssf3st!123"
[+] Rewriting function table
[+] Rewriting PEB
[+] Init COM server
[+] Register COM server
[+] Forcing SYSTEM authentication
[+] Got Krb Auth from NT/SYSTEM. Relying to LDAP now...
System.Runtime.InteropServices.COMException (0x800706C0): A remote procedure call (RPC) protocol error occurred.
A remote procedure call (RPC) protocol error occurred.
   at KrbRelayUp.Relay.Ole32.CoGetInstanceFromIStorage(COSERVERINFO pServerInfo, Guid& pclsid, Object pUnkOuter, CLSCTX dwClsCtx, IStorage pstg, UInt32 cmq, MULTI_QI[] rgmqResults)
   at KrbRelayUp.Relay.Relay.Run(String aDomain, String aDomainController, String aComputerSid, String aPort) in C:\root\KrbRelayUp-main\KrbRelayUp-main\KrbRelayUp\Relay\Relay.cs:line 183


Further debugging via Visual Studio:

Exception thrown at 0x00007FFBB21D8BED (clr.dll) in KrbRelayUp.exe: 0xC0000005: Access violation reading location 0x0000000000000010.

Having the same problem too.

tothi commented

I also have a config where this issue came up. The same happens if using the original KrbRelay (to LDAP) before getting a successful LDAP relay. Perhaps a mitigation setting other than LDAP signature enforcement / channel binding?

Does it work after logout->login?
Or if you use:
Rubeus.exe asktgt /user:lowprivuser /password:something /ptt
Just checking something, let me know..

asktgt works normally for me, and I am having the same error stated above with KrbRelayUp.

I'm getting the same error in a corp env; the COM server does not return apRep1 back to the client. In Wireshark, the Auth Info Kerberos SSP is missing in the "bind_ack" packet.

konghv commented

I get the same problem. Did anyone resolve this issue?