help,plz #1
Comments
Hi! It's a bit tricky to tell exactly what is going on here just from this, but my suspicion would be that the version of SCCM that you are using does not support SHA256 signatures. The newest versions do. You can test SHA1 signatures by commenting lines 484 and 490 and uncommenting lines 483 and 489. Alternatively, enable the Require SHA-256 option on the Signing and Encryption options on the SCCM MP and it should start giving you a certificate that can generate SHA256 signatures.
Hello @chrispanayi,
Hello @chrispanayi, After the modifications, I am getting the following error. What could the issue be, network connectivity?
@kaleemshaik7867 Depends on the context of how you are calling it. The tool doesn't have support for HTTPS management points if they require client certificates at the moment (I usually handle this with an intercepting proxy that handles the TLS handshaking); but it also could be a DNS resolution issue, or HTTP on the management point is blocked.
Hello @chrispanayi, My Management points are reachable, and they are on HTTPS. Would you please give more details on how you handle this via intercepting proxy?
First, confirm that client certificates are required; I believe this would be the case from the previous environments I have seen this in. This is the main thing that is unsupported. If it is browsable over HTTPS without a client certificate, you can comment out line 709 and set USING_TLS to True in line 38. If it is using client certificates, you need to set up something like Burp Proxy to handle the client certificate authentication flow for PXEThief (something like https://www.smeegesec.com/2013/05/using-client-ssl-certificates-with-burp.html) and proxy PXEThief through Burp (invisible proxying or set USING_PROXY to True and configure your proxy settings in line 712).
Hello @chrispanayi, I tried to set up the Burp and client certificate authentication, and I see the following error.
That is tough to debug with no additional context. It looks like the management point is not responding in the way the tool expects? Would look at Burp and see if the response to the HTTP request that the tool is making is properly XML formatted. In general, after the signatures are generated the next part of the code makes specially formatted HTTP requests to the MP, and it should be responding with XML. There are specific edge cases (like when I encountered HTTPS MPs, where it doesn't encrypt the HTTP responses like it does over normal HTTP). If the responses are as expected, and not something like a 404, then I would think the error is popping up in one of the edge case handling parts of the code.