WIN7 Failed

[TryA9ain]

Target iInformation

Windows 7 Ultimate (x64)

I use the .exe version to run nanodump

then I downloaded the minidump and Recover invalid signatures

I use Kali pypykatz, But it failed

I also try to use Cobalt Strike, then use Kali pypykatz, it failed too

Declare in advance that my Kali pypykatz is OK

[S4ntiagoP]

Hey there,
I will get a Win7 VM and try it myself.
In the mean time, why don't you try with the latest version of pypykatz which is "0.5.2" (clone the repo and compile it locally).

[S4ntiagoP]

yep, this is a legitimate issue, thanks for reporting it!
I will investigate and try o find what's wrong

[S4ntiagoP]

I found the issue, it is fixed in this commit.
The thing is that I was setting the field TimeDateStamp to 0 on every DLL that was dumped. Aparently this field is important in Windows7 but not in Windows 10.
Thank you very much for finding and reporting this!

[hastalamuerte]

@S4ntiagoP Hello , facing a bit same errors when trying to get secrets from nanodumps output

nanodumps was runned on machine with ASCII or UTF8 language pack . And en in second lang
I made a nanodump -w (via havok) and then try use commands provided . mimikatz - both version x64, x86 , pypykatz - no luck

[hastalamuerte]

redumping with -v gave results! possible transport corrupt dump file a bit .