RODC Key List attack - "User test1 is not allowed to have passwords replicated in RODCs" #1667
Labels
in review
This issue or pull request is being analyzed
Comments
dkjajhqu2h3j
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Configuration
impacket version: 0.11.0
Python version: 3.11.6
Target OS: Windows Server 2019 (10.0.17763 N/A Build 17763)
Issue
I am attempting the Kerberos Key List attack against a RODC I have in my lab but I cannot get it to work. As you can see below the target user account
test1is a member of the security groupAllowed RODC Password Replication Groupbut not a member of the security groupDenied RODC Password Replication Group, I have the name of the RODC's Kerberos service account and its AES256 key, still the Key List attack fails with "User test1 is not allowed to have passwords replicated in RODCs".The members of the security groups
Allowed RODC Password Replication GroupandDenied RODC Password Replication Groupare:The values of the attributes
msDS-RevealOnDemandGroupandmsDS-NeverRevealGroupof the RODC's computer object are:Impacket error using the default attack mode:
I get the same error targeting the account
test1directly:Using Rubeus with the parameter "/Keylist" works. I get the NT hash of
test1. What can I do to fix this? Thanks!The text was updated successfully, but these errors were encountered: