DCSync does not work with PAM feature enabled about mimikatz HOT 14 CLOSED

Hey @MichaelGrafnetter thanks for pointing this out! I'm downloading TP5 now and will give a try with impacket. Right now I'm expecting receiving DRS_EXT_GETCHGREPLY_V6. Cannot you control that through DRSBind.dwFlags?

from mimikatz.

@asolino It seems that once PAM is enabled, DC only returns DRS_MSG_GETCHGREPLY_V9 and fails if the client does not support it, because otherwise it could not tell the client about the expiring links.

from mimikatz.

more than just fun with flags

from mimikatz.

@gentilkiwi You read my mind!

from mimikatz.

All right.. fair point.. that for the clarification @MichaelGrafnetter!

from mimikatz.

There are still a few undocumented flags, because TP5 returns this in DRS_EXTENSIONS_INT with RB+PAM enabled:
dwExtCaps = 2047
dwFlagsExt = 526
dwFlags = 1073741695

from mimikatz.

I get it work, you need 0x200 ;)

from mimikatz.

Flag validated 👍

from mimikatz.

So it was fun with flags after all... Sorry for spreading unverified info, @asolino . But to my excuse, even the doc is somewhat smoke and mirrors.

from mimikatz.

It could have been much more complex.
Fortunately, the structures have very compatible unions (Req v8/v10 & Rep v6/v9)

from mimikatz.

I have fixed it in DSInternals, too, but you beat me to it. Nevertheless, I just learned something and I had fun doing it. ;-)

from mimikatz.

Because I don't want to give a fuck about future flags:

• DRS_EXT_RECYCLE_BIN
• DRS_EXT_PAM
• ...

ac09c27 (pDrsExtensionsInt->dwExtCaps = MAXDWORD32)

Thank you for nice exchanges @MichaelGrafnetter & @asolino

from mimikatz.

That's uber potential! ;) ;) :)

thanks for the quick turn around.. and likewise @gentilkiwi & @MichaelGrafnetter

from mimikatz.

@gentilkiwi Hopefully, your cannonball approach will turn out to be futureproof. And Ben, you really are a meme machine! ;-)

from mimikatz.