Packet sniffing error detected - System.ArgumentException #31

Open
Acebond opened this issue Jun 29, 2021 · 4 comments
Acebond commented Jun 29, 2021

Hello,
I'm running the latest version on Windows 7 x64, and am getting this error:

Running with
.\Inveigh.exe -HTTPPorts 10080 -mdns y -nbns y

[*] Press ESC to enter/exit interactive console
[+] [15:19:02] LLMNR(A) request [REDACTED] from 10.7.27.18 [response sent]
[+] [15:19:02] LLMNR(A) request [REDACTED] from 10.7.27.18 [response sent]
[-] [15:19:02] LLMNR(AAAA) request [REDACTED] from 10.7.27.18 [type ignored]
[-] [15:19:02] LLMNR(AAAA) request [REDACTED] from 10.7.27.18 [type ignored]
[.] [15:19:02] TCP(445) SYN packet from 10.7.27.18:65371
[.] [15:19:02] SMB1(445) negotiation request detected from 10.7.27.18:65371
[.] [15:19:02] SMB2+(445) negotiation request detected from 10.7.27.18:65371
[+] [15:19:02] SMB(445) NTLM challenge [ADC486A5AB9FF8CC] sent to 10.7.27.18:65371
[-] [15:19:02] Packet sniffing error detected - System.ArgumentException: Offset and length were out of bounds for the a
rray or count is greater than the number of elements from index to the end of the source collection.
   at System.Buffer.BlockCopy(Array src, Int32 srcOffset, Array dst, Int32 dstOffset, Int32 count)
   at Quiddity.Support.ASN1.GetTagBytes(Byte[] data, Int32& index, Int32 length, Byte tag, Byte& tagDecoded)
   at Quiddity.Support.ASN1.GetTagBytes(Int32 tag, Byte[] data)
   at Quiddity.NTLM.NTLMResponse.Decode(Byte[] data)
   at Quiddity.NTLM.NTLMResponse..ctor(Byte[] data)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[-] [15:19:02] Packet sniffing error detected - System.IO.EndOfStreamException: Unable to read beyond the end of the str
eam.
   at System.IO.__Error.EndOfFile()
   at System.IO.BinaryReader.FillBuffer(Int32 numBytes)
   at System.IO.BinaryReader.ReadUInt16()
   at Quiddity.NTLM.NTLMHelper.ReadBytes(Byte[] data, Int32 offset)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[.] [15:19:02] SMB1(445) negotiation request detected from 10.7.27.18:65372
[.] [15:19:02] SMB2+(445) negotiation request detected from 10.7.27.18:65372
[+] [15:19:02] SMB(445) NTLM challenge [B0D50469185CF3D0] sent to 10.70.151.129:65372
[-] [15:19:02] Packet sniffing error detected - System.ArgumentException: Offset and length were out of bounds for the a
rray or count is greater than the number of elements from index to the end of the source collection.
   at System.Buffer.BlockCopy(Array src, Int32 srcOffset, Array dst, Int32 dstOffset, Int32 count)
   at Quiddity.Support.ASN1.GetTagBytes(Byte[] data, Int32& index, Int32 length, Byte tag, Byte& tagDecoded)
   at Quiddity.Support.ASN1.GetTagBytes(Byte[] data, Int32& index, Int32 length, Byte tag, Byte& tagDecoded)
   at Quiddity.Support.ASN1.GetTagBytes(Int32 tag, Byte[] data)
   at Quiddity.NTLM.NTLMResponse.Decode(Byte[] data)
   at Quiddity.NTLM.NTLMResponse..ctor(Byte[] data)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
[-] [15:19:03] Packet sniffing error detected - System.IO.EndOfStreamException: Unable to read beyond the end of the str
eam.
   at System.IO.__Error.EndOfFile()
   at System.IO.BinaryReader.FillBuffer(Int32 numBytes)
   at System.IO.BinaryReader.ReadUInt16()
   at Quiddity.NTLM.NTLMHelper.ReadBytes(Byte[] data, Int32 offset)
   at Inveigh.Sniffer.ProcessSMB(Byte[] data, String clientIP, String listenerIP, String clientPort, String listenerPort
)
   at Inveigh.Sniffer.Start(String protocol, String snifferIP, Boolean isIPV6)
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
[+] [15:19:03] NBNS(00) request [80-01662PL] from 10.7.27.18 [response sent]
PS C:\Users\pentest>

If there is additional information you want, let me know.

@Kevin-Robertson
Owner

Thanks! I have not tested through Windows 7 at all. I'll test it if I get an opportunity. It looks like something is going on with the ASN.1 code, which is still pretty crude.
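
Added example, not part of the thread and not Quiddity's or Inveigh's code: the first trace above ends in `Buffer.BlockCopy`, which throws `ArgumentException` whenever offset plus count exceeds the source array, for instance when a decoded TLV length is larger than the bytes actually captured. The sketch below validates the header and declared length before copying and returns `false` instead of throwing; `SafeAsn1` and `TryReadTlv` are hypothetical names and the byte arrays are constructed samples.

```csharp
using System;

// Hypothetical helper for illustration; not the Quiddity.Support.ASN1 implementation.
public static class SafeAsn1
{
    // Reads one DER TLV starting at 'index'. Returns false, leaving 'index'
    // unchanged, when the header or the declared length runs past 'data'.
    public static bool TryReadTlv(byte[] data, ref int index, out byte tag, out byte[] value)
    {
        tag = 0;
        value = null;
        int i = index;
        if (data == null || i < 0 || data.Length - i < 2) return false; // need tag + first length octet

        byte t = data[i++];
        int length = data[i++];
        if ((length & 0x80) != 0) // long form: low 7 bits give the number of length octets
        {
            int count = length & 0x7F;
            // 0 would be indefinite length (not valid DER); more than 4 cannot fit an int
            if (count == 0 || count > 4 || data.Length - i < count) return false;
            long acc = 0;
            for (int n = 0; n < count; n++) acc = (acc << 8) | data[i++];
            if (acc > int.MaxValue) return false;
            length = (int)acc;
        }

        // Declared length must fit in what is left of the buffer before any copy.
        if (length > data.Length - i) return false;

        value = new byte[length];
        Buffer.BlockCopy(data, i, value, 0, length);
        tag = t;
        index = i + length;
        return true;
    }

    public static void Main()
    {
        // Constructed samples: an OCTET STRING (tag 0x04) that declares 8 content bytes.
        byte[] complete = { 0x04, 0x08, 1, 2, 3, 4, 5, 6, 7, 8 };
        byte[] truncated = { 0x04, 0x08, 1, 2, 3 }; // same header, payload cut short

        byte tag; byte[] value; int pos = 0;
        Console.WriteLine("complete:  " + TryReadTlv(complete, ref pos, out tag, out value));
        pos = 0;
        Console.WriteLine("truncated: " + TryReadTlv(truncated, ref pos, out tag, out value));
    }
}
```

A sniffer loop built on this pattern can log and skip a malformed or partially captured message rather than surfacing an exception for every such packet.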

@Altominded

Any updates on this? I am having the same issue.

@init5-SF

Having the exact same issue here, Windows Server 2022.

@Kevin-Robertson
Owner

I just posted some NTLM parsing changes. I'm not sure if it will help with the issues here. The problem I observed was with non-Windows SMB clients.
