Secretsdump not dumping hashes with recent W10 #326
Hey @dirkjanm, thanks for the report. Yes.. I've been aware of it for quite a long time already. But it only happened to me against 2016 Servers.. Never W10/2012R2 (That's why it had low priority for now). I know what needs to be changed so it shouldn't be that hard (thanks to @gentilkiwi actually :)). It's all AES instead of RC4 and a few structure changes. Stay tuned.
- Similar to what was done in the past for the encryptedPekList in the offline NTDS.
- Thanks @gentilkiwi for documenting the structures, way easier and elegant approach.
- Testing needed in all platforms, just to be sure backward compatibility works.
- Addresses #326
Hey @dirkjanm, please close this issue if working on your side.
Thanks @asolino, works like a charm! My 2012R2 is actually using the old format, so maybe I was mistaken on that part, but dumping hashes from W10 is working perfectly again. Thanks for the quick reply and fix, much appreciated.
I've had this pop up a few times recently with newer setups:
This is on a new domain against a new Windows 10 VM. I've also seen this on recent 2012R2 and 2016 servers. The issue also occurs when running secretsdump standalone.
This is probably related to this:
rapid7/metasploit-framework#8582
gentilkiwi/mimikatz@823d376
Any chance we can get this in secretsdump as well? Should be a relatively simple change if I look at the msf code.