You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In my setup the krbscm action will not lead to a system shell. I am getting SCM opening error 1722
[*] Using ticket to connect to Service Manger
[*] AcquireCredentialsHandleHook called for package N
[*] Changing to Kerberos package
[*] AcquireCredentialsHandleHook called for package N
[*] Changing to Kerberos package
[*] InitializeSecurityContextHook called for target R
[*] InitializeSecurityContext status = 0x00090312
[-] Error opening SCM: 1722
asktgs works, the ticket with correct SPN exists in the cache and the target user is a local admin. When observing the RPC call to 127.0.0.1 I can recognize that the rpc bind call is not successful. Response is bind_nak Reject reason is 0x09 (invalid_checksum) which according to MS doc means This rejection code is used when an unrecoverable error is detected by the underlying security package.
Any idea which (hardening) configuration might be responsible for this behaviour? Afaik there exists no concrete guidance how to prevent the UAC bypass.
Otherwise how I can further debug the issue?
Thanks.
The text was updated successfully, but these errors were encountered:
In my setup the
krbscmaction will not lead to a system shell. I am getting SCM opening error 1722asktgsworks, the ticket with correct SPN exists in the cache and the target user is a local admin. When observing the RPC call to 127.0.0.1 I can recognize that the rpc bind call is not successful. Response is bind_nak Reject reason is 0x09 (invalid_checksum) which according to MS doc means This rejection code is used when an unrecoverable error is detected by the underlying security package.Any idea which (hardening) configuration might be responsible for this behaviour? Afaik there exists no concrete guidance how to prevent the UAC bypass.
Otherwise how I can further debug the issue?
Thanks.
The text was updated successfully, but these errors were encountered: