[secretsdump] Added parsing of services passwords (SCM) #1262

Open
wants to merge 262 commits into
base: master

p0dalirius (Contributor) commented Feb 18, 2022

I have added parsing for the services passwords (SCM) extracted from the LSA by secretsdump. It now prints:

Before my patch, secretsdump printed:

[*] SCM:{B092549F-61DB-41B0-96FD-02EB41E19783}
SCM:{B092549F-61DB-41B0-96FD-02EB41E19783}:500040007300730057003000720044003000660053003300720076003100630033002100210021000000

After my patch, secretsdump prints:

[*] SCM:{B092549F-61DB-41B0-96FD-02EB41E19783}
SCM Password of service B092549F-61DB-41B0-96FD-02EB41E19783: P@ssW0rD0fS3rv1c3!!!

References
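The decoding described in the comment above, as an added example that is not part of the pull request or of Impacket's own code: the value secretsdump printed before the patch is the hex form of a null-terminated UTF-16LE string. The function names are assumptions, and the second secret in the sample is constructed to show a value that is not text.

```python
import re

# Raw line format shown in the "before" output: SCM:{GUID}:<hex bytes>
SCM_LINE = re.compile(r"^SCM:\{(?P<guid>[0-9A-Fa-f-]{36})\}:(?P<hex>[0-9A-Fa-f]*)$")

# First two lines are the output quoted on this page; the last line is constructed.
SAMPLE_OUTPUT = """\
[*] SCM:{B092549F-61DB-41B0-96FD-02EB41E19783}
SCM:{B092549F-61DB-41B0-96FD-02EB41E19783}:500040007300730057003000720044003000660053003300720076003100630033002100210021000000
SCM:{00000000-0000-0000-0000-000000000000}:01000200
"""


def decode_scm_secret(hex_blob):
    """Return the secret as text, or None when the blob is not a UTF-16LE string."""
    try:
        raw = bytes.fromhex(hex_blob)
    except ValueError:            # odd number of hex digits or stray characters
        return None
    if len(raw) % 2:              # UTF-16 code units are two bytes each
        return None
    try:
        text = raw.decode("utf-16-le")
    except UnicodeDecodeError:    # e.g. unpaired surrogates in binary data
        return None
    text = text.rstrip("\x00")    # drop the trailing null terminator
    if not text or not text.isprintable():
        return None               # empty or binary secret: keep it as hex instead
    return text


def parse_scm_lines(lines):
    """Return (service_guid, password_or_None) for each raw SCM secret line."""
    results = []
    for line in lines:
        match = SCM_LINE.match(line.strip())
        if match is None:         # banner lines such as "[*] SCM:{...}" are skipped
            continue
        results.append((match.group("guid"), decode_scm_secret(match.group("hex"))))
    return results


if __name__ == "__main__":
    for guid, password in parse_scm_lines(SAMPLE_OUTPUT.splitlines()):
        print(guid, "->", password if password is not None else "<not text, left as hex>")
```
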

ShutdownRepo and others added 30 commits October 30, 2021 15:31
Removing searchfilter for DCs to allow RBCD and Unconstrained to be shown
Secrets and cached
Improved exporting and added Kerberos keys calculation
for ticket sname field modification
add s4u2self and alt-service parameter
add s4u2self and alt-service parameter
for ticket sname field modification
for ticket sname field modification
add s4u2self and alt-service parameter
add s4u2self and alt-service parameter
add s4u2self and alt-service parameter
AdrianVollmer and others added 15 commits December 14, 2022 14:46
# Conflicts:
#	README.md
#	impacket/version.py
…amps

add utc date to cached domain logon information
Quality of Life improvement for when you have a ton of socks connections. Filtering by "AdminStatus is True" shows the most immediately useful socks connections - especially if you have a ton of connections already with only one of them having admin to a host.
Update httprelayclient.py to force NTLM auth
ShutdownRepo and others added 13 commits January 16, 2023 12:04
…ty-values

Secretsdump sqsa fix empty values
# Conflicts:
#	examples/GetUserSPNs.py

* Kept only names of program hosting the services.

* Sorted by name of program hosting the services.

---------

Co-authored-by: p0dalirius <podalirius@protonmail.com>
Filter Socks Connection via AdminStatus
 SID Bruteforce through ntlmrelay over SMB
…gpg-keys

Added OpenGPG public/private key parsing in secretsdump.py