Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Output errors #25

Open
aldo1901 opened this issue Jul 4, 2016 · 4 comments
Open

Output errors #25

aldo1901 opened this issue Jul 4, 2016 · 4 comments

Comments

@aldo1901
Copy link

aldo1901 commented Jul 4, 2016

Here is my command line:

python dsusers.py datatable linktable test --passwordhashes --syshive system.save --pwdformat john --lmoutfile LM.out --ntoutfile NT.out

The scripts displays a scrolling output of:

[!] Warning! Multiple records with PEK entry!
[+] Scanning database - 0% -> 4372(this number is just an example, it keeps increasing as the script is running) records processed

Finally, the scripts gets killed:

Error in sys.excepthook:
Traceback (most recent call last):
File "C:\Users\aldperez\Documents\dumpntds\ntdsxtract\ntds__init__.py", line
31, in simple_exception
sys.stderr.write("[!] Error!", value, "\n")
TypeError: function takes exactly 1 argument (3 given)

Original exception was:
Traceback (most recent call last):
File "dsusers.py", line 407, in
db = dsInitDatabase(sys.argv[1], wd)
File "C:\Users\aldperez\Documents\dumpntds\ntdsxtract\ntds\dsdatabase.py", lin
e 174, in dsInitDatabase
dsCheckMaps(db, workdir)
File "C:\Users\aldperez\Documents\dumpntds\ntdsxtract\ntds\dsdatabase.py", lin
e 207, in dsCheckMaps
dsBuildMaps(dsDatabase, workdir)
File "C:\Users\aldperez\Documents\dumpntds\ntdsxtract\ntds\dsdatabase.py", lin
e 290, in dsBuildMaps
dsMapRecordIdBySID[str(SID(record[ntds.dsfielddictionary.dsSIDIndex]))]
IndexError: list index out of range

Concerning the PEK entries, does it mean that the DC is encrypted? Also, I'm running this in Windows and I do have pycrypto installed. Thanks
@Mooey28
Copy link

Mooey28 commented Sep 22, 2017

Also getting this error:

TypeError: function takes exactly 1 argument (3 given)

Any fix or idea what to do?

@jskrivseth
Copy link

+1

@jskrivseth
Copy link

jskrivseth commented Mar 23, 2018
edited
Loading

In my datatable input file, the PEK column (ATTk590689) was the rightmost column. When dsusers.py does a split('\t') on the line, it was supposed to read it as an empty string, but dsdatabase.py didn't strip newlines. So it kept reading newlines (either "\r\n" or "\n") as the value for the PEK encryption key and warning that there were duplicate values.

@jskrivseth
Copy link

#27 I submitted this patch to deal with newlines. As it stands, ntdsxtract will always retrieve the wrong values (contains newline chars) from the rightmost column

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jskrivseth @aldo1901 @Mooey28