@Adamkadaban did you run Ruff against this? If you are using poetry: poetry run python -m ruff check . --preview

did you run Ruff against this?

@Marshall-Hallenbeck Oh sorry, I didn't - but I have now. made the necessary changes and all checks are passing

Quick question but since these informations are dumped calling the SAMR RPC endpoint, can't we simply add this module in the code --sam option ?

@Dfte I considered this too. I would say yes, but afaik --sam currently only tries to dump passwords in the sam database.
There are a ton of things we can dump with samr that currently aren't being dumped, so I assumed the best option would be a module

@NeffIsBack

Not sure what is happening here, but when i swap out the print() for the exception logging this is the traceback:

This looks like the very verbose logging that impacket provides when an information class doesn't exist.

I think this means your impacket is outdated

@NeffIsBack

Not sure what is happening here, but when i swap out the print() for the exception logging this is the traceback:

This looks like the very verbose logging that impacket provides when an information class doesn't exist.

I think this means your impacket is outdated

Oh yes, it's late, missed the fortra PR notice. Gonna update impacket and try again👍🏼

Hmm okay so with impacket being updated i get an error on the dc and no output at all on the win11 machine. There should be a local account set up with sec questions.

The DC debug output:

The Win11 debug output (looks like its running fine, but doesn't find anything?):

Looks like on DC this object doesn't have the UserResetInformation block. I added a try&Except block (with debug logging) just in case other servers have the same problem with some users.