Secretsdump errors with "Unknown DCE RPC fault status code: 00000057" when executed against a RODC

Question

Secretsdump errors with "Unknown DCE RPC fault status code: 00000057" when executed against a RODC

dkjajhqu2h3j opened this issue 6 months ago · 1 comments

Configuration

impacket version: 0.11.0
Python version: 3.11.6
Target OS: Windows Server 2019 (10.0.17763 N/A Build 17763)

Issue

I am trying to dump the AES256 key of a RODC's Kerberos service account cached in LSA on a RODC using secretsdump. If I use the default DRSUAPI mode I get the error "Unknown DCE RPC fault status code: 00000057". If I use the VSS mode I can dump the NTLM hash of the service account but I get no AES256 key. Mimikatz can successfully dump the AES256 key but I would prefer to not use that.

I am aware that it is not possible to DCSync a RODC but that is not what I do. I am dumping LSA.

Thanks!

Answer 1 · 2024-01-04T16:29:29.000Z

Linking with #1552 as, if not duplicates, they are related for sure