Relay fails when client requires SMB signing #227
Comments
|
I have also encountered this issue a few times |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
So as the title alludes Certipy v4.8.2 seems to fail to relay to both RPC and HTTP when the client has Require SMB Signing turned on. ntlmrelayx does not seem to have this issue and inspecting the SMB negotiation protocol with Wireshark between the two tools I cannot see an difference between the two other than Certipy sending a STATUS_MORE_PROCESSING_REQUIRED flag after the NTLMSSP_NEGOTIATE packet.
Googling the SMB error I get a Microsoft Page titled "System error 2148073478, extended error, or Invalid Signature error message on SMB connections in Windows Server 2012 or Windows 8" so it seems that the issue is indeed tied to SMB Signing
Setting client signing to be if server agrees this is the new output
Looking at the Wireshark capture this is all that occurs when signing is required
Here is the same required signing settings but with ntlmrelayx
The text was updated successfully, but these errors were encountered: