You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
ntlmrelayx.py -t ldaps://domain.com --shadow-credentials -smb2support --no-dump
[*] Generating certificate [*] Certificate generated [*] Generating KeyCredential [*] KeyCredential generated with DeviceID: c6ec8e65-6dcf-d624-a64b-07680619cab3 [*] Updating the msDS-KeyCredentialLink attribute of ABC-123$ [*] Updated the msDS-KeyCredentialLink attribute of the target object
Exception in thread Thread-7:
Traceback (most recent call last):
File "/usr/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
self.run()
File "/home/redacted/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/examples/ntlmrelayx/attacks/ldapattack.py", line 1129, in run
self.shadowCredentialsAttack(domainDumper)
File "/home/redacted/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/examples/ntlmrelayx/attacks/ldapattack.py", line 328, in shadowCredentialsAttack certificate.ExportPFX(password=password, path_to_file=path)
File "/home/redacted/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/dsinternals/common/cryptography/X509Certificate2.py", line 54, in ExportPFX pk = OpenSSL.crypto.PKCS12()
^^^^^^^^^^^^^^^^^^^^^
File "/home/redacted/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/cryptography/utils.py", line 72, in __getattr__
obj = getattr(self._module, attr)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
AttributeError: module 'OpenSSL.crypto' has no attribute 'PKCS12'
Additional context
I am running impacket in pipx, I noted that pyOpenSSL made the following Backward-incompatible changes on 09/03/2024
Removed the deprecated OpenSSL.crypto.PKCS12 and OpenSSL.crypto.NetscapeSPKI. OpenSSL.crypto.PKCS12 may be replaced by the PKCS#12 APIs in the cryptography package.
Thus as a short term solution I was able to use the following to roll back pyOpenSSL and get the shadow credential attack working again: pipx inject impacket pyOpenSSL==24.0.0
The text was updated successfully, but these errors were encountered:
Configuration
impacket version: 0.11.0
Python version: 3.11.8
Target OS: Kali Linux
Debug Output With Command String
ntlmrelayx.py -t ldaps://domain.com --shadow-credentials -smb2support --no-dump
Additional context
I am running impacket in pipx, I noted that pyOpenSSL made the following Backward-incompatible changes on 09/03/2024
Thus as a short term solution I was able to use the following to roll back pyOpenSSL and get the shadow credential attack working again:
pipx inject impacket pyOpenSSL==24.0.0
The text was updated successfully, but these errors were encountered: