KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type) [Need Urgent Help] #205

Open
3v1lg3n7u54007 opened this issue Mar 30, 2024 · 1 comment

3v1lg3n7u54007 commented Mar 30, 2024

I deployed an AD Environment for my project but I have been facing some issues lately. I successfully exploited the Certifried Vuln in the AD env and made sure to document the steps and also took a snapshot of the environment that the exploit was working on.

The demo for my project is tomorrow and here I am with some code which was previously working but currently isn't... ;-;

But now I am facing some issue regarding KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type). Are there any suggestions or fixes for this? Would really appreciate the help. Below I have attached the error as well.

```
PS C:\Users\EAnderson> certipy req -u EAnderson@Activedirectoryenvironment.local -p Employee23213 -ca ActiveDirectoryEnvironment-AD-DOMAIN-CONTR-CA -template User -debug

Certipy v4.8.2 - by Oliver Lyak (ly4k)

[+] Trying to resolve 'ACTIVEDIRECTORYENVIRONMENT.LOCAL' at '192.168.15.144'
[+] Resolved 'ACTIVEDIRECTORYENVIRONMENT.LOCAL' from cache: 192.168.15.144
[+] Generating RSA key
[*] Requesting certificate via RPC
[+] Trying to connect to endpoint: ncacn_np:192.168.15.144[\pipe\cert]
[+] Connected to endpoint: ncacn_np:192.168.15.144[\pipe\cert]
[*] Successfully requested certificate
[*] Request ID is 362
[*] Got certificate with UPN 'EAnderson@ActiveDirectoryEnvironment.local'
[*] Certificate has no object SID
[*] Saved certificate and private key to 'eanderson.pfx'
PS C:\Users\EAnderson> certipy auth -pfx eanderson.pfx

Certipy v4.8.2 - by Oliver Lyak (ly4k)

[*] Using principal: eanderson@activedirectoryenvironment.local
[*] Trying to get TGT...
[-] Got error while trying to request TGT: Kerberos SessionError: KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type)
```

@3v1lg3n7u54007 3v1lg3n7u54007 changed the title KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type) KDC_ERR_PADATA_TYPE_NOSUPP(KDC has no support for padata type) [Need Urgent Help] Mar 30, 2024
@Prepouce

I think it will be too late but it is the domain controller that does not support PKINIT authentication (Kerberos authentication with a certificate). It could be because the DC does not have an installed certificate from your ADCS component.

You can still authenticate through LDAPS (authentication through TLS) with the command: "certipy auth -ldap-shell" and then exploit RBCD.

If you want to patch this issue, you can try to enroll certificates for your domain controller, with the following commands:

```
certutil -addstore root \\[ADCS]\CertEnroll\[ADCS.domain.local]_[CA-name].crt
certutil -addstore CA \\[ADCS]\CertEnroll\[CA-name].crl
certutil -addstore CA \\[ADCS]\CertEnroll\[CA-name]+.crl
gpupdate /force
```

More information on this error: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4771
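For the event 4771 reference linked above, an added example (not part of this thread and not Certipy code) of how a defender could find this failure in a Security log export: it keeps 4771 records whose failure code is 0x10 and counts certificate-logon failures per domain controller. The sample records are constructed, and the `<Events>` wrapper and the `Data` field names are assumed to match an XML export of the event.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PADATA_TYPE_NOSUPP = 0x10   # 4771 failure code for the error in this thread
PKINIT_PREAUTH = {15, 16}   # pre-auth types used for certificate (smart card) logon

def _event(dc, user, status, preauth, ip):
    """Build one constructed 4771 record with only the fields the check reads."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>4771</EventID>'
            f'<Computer>{dc}</Computer></System><EventData>'
            f'<Data Name="TargetName">{user}</Data><Data Name="Status">{status}</Data>'
            f'<Data Name="PreAuthType">{preauth}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')

# Constructed sample export, not real logs: two 0x10 failures, one bad password (0x18).
SAMPLE = "<Events>" + "".join([
    _event("dc01.example.local", "EAnderson", "0x10", 16, "::ffff:192.0.2.10"),
    _event("dc01.example.local", "svc-web", "0x10", 16, "::ffff:192.0.2.11"),
    _event("dc01.example.local", "EAnderson", "0x18", 2, "::ffff:192.0.2.10"),
]) + "</Events>"

def padata_nosupp_failures(xml_text):
    """Return 4771 records that failed with KDC_ERR_PADATA_TYPE_NOSUPP."""
    hits = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != "4771":
            continue
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        try:
            status = int(data.get("Status", ""), 16)
            preauth = int(data.get("PreAuthType", ""))
        except ValueError:
            continue  # malformed or incomplete record
        if status != PADATA_TYPE_NOSUPP:
            continue
        ip = data.get("IpAddress", "")
        hits.append({
            "dc": ev.findtext("e:System/e:Computer", default="", namespaces=NS),
            "account": data.get("TargetName", ""),
            "source": ip[7:] if ip.startswith("::ffff:") else ip,  # unwrap IPv4-mapped form
            "pkinit": preauth in PKINIT_PREAUTH,
        })
    return hits

def failures_per_dc(hits):
    """Count certificate-logon failures per DC; a DC that rejects all of them needs its certificate checked."""
    return Counter(h["dc"] for h in hits if h["pkinit"])
```
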
