Impossible to find Pek-List attribute in ntds file #456
Hey @quentinhardy First time I hear about this issue. According to your tests, looks like there's a bug in the getNextRow() code. Now, without a way to reproduce this bug, it is almost impossible to determine where the problem is (in particular due to the complexity of the ESE format). Can you provide the DIT and registry hives to reproduce it? If not, another alternative is for you to figure out where the problem is. thanks,
Hello, Unfortunately, I can't send you the ntds.dit file with the SYSTEM file. I will try to search for the problem.
Any resolution to this? @quentinhardy how did you discover the Pek-List value? I'm getting the same issues as you reported in the OP on two ntds.dit files.
Should be fixed in 9efa50f
Hello,
I am trying to use secretsdump.py for extracting hashes from a big ntds.dit file which has been copied with vssadmin.
When I run secretsdump.py, it seems the script doesn't find the Pek-List attribute:
This attribute is required for decrypting hashes.
I have the same bug with the impdump project (HarmJ0y/ImpDump#5), which uses the impacket project (e.g. esentutl.py).
Notice that esedbexport has been running on this same ntds file (for some days) and there is an "ATTk590689" (Pek-List) attribute in the database file (database.4 file). It is not finished, but if I take this "ATTk590689" value from the database.4 file and use it directly in the source code of https://github.com/HarmJ0y/ImpDump/blob/master/impdump.py, it works! I can extract decrypted hashes.
So I think it is a bug in impacket :-(
Do you know if it is a well-known problem?
Thanks in advance for your help,