Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 236-237: illegal encoding #14

Closed
7MinSec opened this issue Dec 10, 2024 · 1 comment
Closed

UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 236-237: illegal encoding #14

7MinSec opened this issue Dec 10, 2024 · 1 comment

Comments

@7MinSec
Copy link

7MinSec commented Dec 10, 2024
edited
Loading

Hello!

I'm on a pentest where I have the media variables file, cracked it, and then did python pxethief.py 3 my.var MYPASS.

I originally had this issue which I fixed using this advice.

Now when I run pxethief it's like it alllllmmmoooosssst works - here's some obfuscated output:

<snip>
+] CCMClientTimestamp Signature Generated
[+] ClientToken Signature Generated
[+] Retrieving x64UnknownMachineGUID from MECM MP...
[+] Requesting policy assignments from MP...
[+] 101 policy assignment URLs found!
[+] Requesting Network Access Account Configuration from: http://verylongurl
[+] Requesting Task Sequence Configuration from: http://verylongurl/SMS_MP/.sms_pol?VARIOUS-IDS
[+] Requesting Task Sequence Configuration from: http://verylongurl/SMS_MP/.sms_pol?VARIOUS-IDS
....this repeats many times...then concludes with:

[+] Decrypting Network Access Account Configuration
Traceback (most recent call last):
  File "pxethiefissue1.py", line 897, in <module>
    process_pxe_bootable_and_prestaged_media(media_variables)
  File "pxethiefissue1.py", line 413, in process_pxe_bootable_and_prestaged_media
    dowload_and_decrypt_policies_using_certificate(smsMediaGuid,smsTSMediaPFX)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "pxethiefissue1.py", line 567, in dowload_and_decrypt_policies_using_certificate
    dstr = naaConfig.content.decode("utf-16-le")
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "c:\users\someuser\AppData\Local\Programs\Python\Python312\Lib\encodings\utf_16_le.py", line 16, in decode
    return codecs.utf_16_le_decode(input, errors, True)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-16-le' codec can't decode bytes in position 236-237: illegal encoding
decoding with 'utf-16-le' codec failed

Not sure what to try from here?
@7MinSec
Copy link
Author

7MinSec commented Dec 10, 2024

Figured it out by just throwing the kitchen sink at the problem :-). I commented/uncommented the lines as you suggested here and then set USING_TLS to False:

USING_TLS = False #HTTPS and client certificate support

Then everything worked and I got the yummy NAA creds! Thanks for an awesome tool!

@7MinSec 7MinSec closed this as completed Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@7MinSec