Mantis errors

So I’m following the ippsec guide through for this one - quite a nice box. However when running the exploit I get errors. I’ve cloned this: git clone GitHub - SecWiki/windows-kernel-exploits: windows-kernel-exploits Windows平台提权漏洞集合</t
Then from /opt/windows-kernel-exploits/MS14-068/pykek I’m running the exploit: python -u james@HTB.LOCAL -s S-1-5-21-4220043660-4019079961-2895681657-1103 -d MANTIS

enter password

Then the following errors:

[+] Building AS-REQ for MANTIS… Done!
[+] Sending AS-REQ to MANTIS… Done!
[+] Receiving AS-REP from MANTIS… Done!
[+] Parsing AS-REP from MANTIS…Traceback (most recent call last):
File “”, line 189, in
sploit(user_realm, user_name, user_sid, user_key, kdc_a, kdc_b, target_realm, target_service, target_host, filename)
File “”, line 48, in sploit
as_rep, as_rep_enc = decrypt_as_rep(data, user_key)
File “/opt/windows-kernel-exploits/MS14-068/pykek/kek/”, line 431, in decrypt_as_rep
return _decrypt_rep(data, key, AsRep(), EncASRepPart(), 8)
File “/opt/windows-kernel-exploits/MS14-068/pykek/kek/”, line 419, in _decrypt_rep
rep = decode(data, asn1Spec=spec)[0]
File “/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/”, line 792, in call
stGetValueDecoder, self, substrateFun
File “/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/”, line 55, in valueDecoder
value, _ = decodeFun(head, asn1Spec, tagSet, length)
File “/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/”, line 798, in call
‘%r not in asn1Spec: %r’ % (tagSet, asn1Spec)
pyasn1.error.PyAsn1Error: TagSet(Tag(tagClass=0, tagFormat=32, tagId=16), Tag(tagClass=64, tagFormat=32, tagId=30)) not in asn1Spec: AsRep()

Any help would be really appreciated,


I haven’t looked at this box but when I hit a “this python exploit crashes” scenario it’ s usually a Python2 vs python3 thing.

Hi, have you had a chance to resolve this. I have the very same problem. Also, the python2 vs. python3 thing does not help here either. this solved the impacket errors for me, just leaving it here in case you want to use goldenpac

Anyone have an update on how to fix this?

Sorry folks, looks like I moved on to another box at this point and forgot to come back to it.

I had linked to this write-up after my python problems: