Unhandled Exception: Asn1.AsnException: integer overflow (positive)

[CaledoniaProject]

Interesting issue ...

[*] Sending S4U2self request
[*] Connecting to 172.16.177.130:88
[*] Sent 1452 bytes
[*] Received 1432 bytes
[+] S4U2self success!
[*] Building S4U2proxy request for service: 'CIFS/WEB01'
[*] Sending S4U2proxy request
[*] Connecting to 172.16.177.130:88
[*] Sent 2487 bytes
[*] Received 120 bytes

Unhandled Exception: Asn1.AsnException: integer overflow (positive)
   at Asn1.AsnElt.GetInteger()
   at Rubeus.KRB_ERROR..ctor(AsnElt body)
   at Rubeus.S4U.Execute(KRB_CRED kirbi, String targetUser, String targetSPN, Boolean ptt, String domainController, String altService)
   at Rubeus.Commands.S4u.Execute(Dictionary`2 arguments)
   at Rubeus.Domain.CommandCollection.ExecuteCommand(String commandName, Dictionary`2 arguments)
   at Rubeus.Program.Main(String[] args)

[CaledoniaProject]

It happens when I choose "Use kerberos only", the other options works.

[CaledoniaProject]

Okay, reproduced on another AD environment. Just need an invalid /msdsspn parameter to trigger the overflow issue.

[HarmJ0y]

This seems to be similar to #19 - it looks like some value in KRB_ERROR is being miscast, but without being able to recreate I don't know the best way to trace which value it is. Will continue testing.

[HarmJ0y]

I tried to recreate this scenario but wasn't able to- if I have "Use Kerberos only" as the account's delegation option, I get a [X] KRB-ERROR (13) : KDC_ERR_BADOPTION error, but if I use a /msdsspn that doesn't exist, I get a [X] KRB-ERROR (7) : KDC_ERR_S_PRINCIPAL_UNKNOWN error and no unhandled exception.

[talmaor]

To use "any authentication protocol" and over come the [X] KRB-ERROR (13) : KDC_ERR_BADOPTION error, I recompiled Rubeus with the RBCD flag to false.
line 94 in S4U.cs PA_DATA pac_options = new PA_DATA(false, false, false, false);
(It make sense to use the RBCD flag when msDS-AllowedToActOnBehalfOfOtherIdentity property is set on a target computer object)