From ee16f304f6f703ecfd4683ab8874548e62b59468 Mon Sep 17 00:00:00 2001
From: Ceri Coburn
Date: Fri, 4 Apr 2025 16:07:36 +0100
Subject: [PATCH 1/2] Fixed issue where s4u2self was broken by the credential guard feature.
---
 Rubeus/lib/krb_structures/TGS_REQ.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Rubeus/lib/krb_structures/TGS_REQ.cs b/Rubeus/lib/krb_structures/TGS_REQ.cs
index 32ab195a..448e1689 100755
--- a/Rubeus/lib/krb_structures/TGS_REQ.cs
+++ b/Rubeus/lib/krb_structures/TGS_REQ.cs
@@ -21,7 +21,7 @@ namespace Rubeus
 public class TGS_REQ
 {
- public static byte[] NewTGSReq(string userName, string domain, string sname, Ticket providedTicket, byte[] clientKey, Interop.KERB_ETYPE paEType, Interop.KERB_ETYPE requestEType = Interop.KERB_ETYPE.subkey_keymaterial, bool renew = false, string s4uUser = "", bool enterprise = false, bool roast = false, bool opsec = false, bool unconstrained = false, KRB_CRED tgs = null, string targetDomain = "", bool u2u = false, bool keyList = false, bool dmsa = false, string serviceType = null)
+ public static byte[] NewTGSReq(string userName, string domain, string sname, Ticket providedTicket, byte[] clientKey, Interop.KERB_ETYPE paEType, Interop.KERB_ETYPE requestEType = Interop.KERB_ETYPE.subkey_keymaterial, bool renew = false, string s4uUser = "", bool enterprise = false, bool roast = false, bool opsec = false, bool unconstrained = false, KRB_CRED tgs = null, string targetDomain = "", bool u2u = false, bool keyList = false, bool dmsa = false, string serviceType = "principal")
 {
 TGS_REQ req;
 if (u2u)
From b43e094ce27f0a0535a1e61e8ab01bd18f8d07a3 Mon Sep 17 00:00:00 2001
From: CCob
Date: Thu, 21 May 2026 12:06:40 +0100
Subject: [PATCH 2/2] Fix issue on x86 due UNICODE_STRING being passed by value incorrectly
---
 Rubeus/lib/Crypto.cs | 2 +-
 Rubeus/lib/Interop.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Rubeus/lib/Crypto.cs b/Rubeus/lib/Crypto.cs
index 84c4858c..c607a042 100755
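Review bot: In `NewTGSReq` (TGS_REQ.cs) only the default of `serviceType` changes, so a caller that passes `serviceType: null` explicitly still reaches the body with null. The body lies outside the hunk, so how null is handled there cannot be confirmed; if a null value is what broke s4u2self, normalising at the top of the method covers both cases: `serviceType = serviceType ?? "principal";`. A short comment on what the `"principal"` value selects would also help, since the literal is otherwise unexplained in the signature.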
--- a/Rubeus/lib/Crypto.cs
+++ b/Rubeus/lib/Crypto.cs
@@ -71,7 +71,7 @@ public static string KerberosPasswordHash(Interop.KERB_ETYPE etype, string passw
 byte[] output = new byte[pCSystem.KeySize];
- int success = pCSystemHashPassword(passwordUnicode, saltUnicode, count, output);
+ int success = pCSystemHashPassword(ref passwordUnicode, ref saltUnicode, count, output);
 if (status != 0) throw new Win32Exception(status);
diff --git a/Rubeus/lib/Interop.cs b/Rubeus/lib/Interop.cs
index 4cc95c27..d7e7f1dd 100755
--- a/Rubeus/lib/Interop.cs
+++ b/Rubeus/lib/Interop.cs
@@ -1496,7 +1496,7 @@ public class NetResource
 public delegate int KERB_ECRYPT_Decrypt(IntPtr pContext, byte[] data, int dataSize, byte[] output, ref int outputSize);
 public delegate int KERB_ECRYPT_Finish(ref IntPtr pContext);
- public delegate int KERB_ECRYPT_HashPassword(UNICODE_STRING Password, UNICODE_STRING Salt, int count, byte[] output);
+ public delegate int KERB_ECRYPT_HashPassword(ref UNICODE_STRING Password, ref UNICODE_STRING Salt, int count, byte[] output);
 //https://github.com/vletoux/MakeMeEnterpriseAdmin/blob/master/MakeMeEnterpriseAdmin.ps1#L1760-L1767
 public delegate int KERB_CHECKSUM_Initialize(int unk0, out IntPtr pContext);
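Review bot: In `KerberosPasswordHash` (Crypto.cs) the return value of `pCSystemHashPassword` is stored in `success`, but the check that follows tests `status`, which is not assigned on any line of this hunk. If `status` belongs to an earlier call (the method starts outside the hunk), a failed hash is never detected and the `output` buffer would be used as key material while still zero-filled. Checking the value just returned closes that gap: `if (success != 0) throw new Win32Exception(success);`.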
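Review bot: The `KERB_ECRYPT_HashPassword` delegate in Interop.cs now takes both `UNICODE_STRING` arguments by `ref`, but nothing at the declaration records why, so a later cleanup could revert it. A comment would capture the reason, e.g. `// Native side takes pointers to UNICODE_STRING; by-value only worked on x64, where a struct this size is passed by reference.` Any other delegate or P/Invoke in this file that takes `UNICODE_STRING` by value (none are visible in this hunk) is worth checking for the same x86 problem.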