/usr/local/pf/addons/AD/secretsdump.py tries to create resume session file in "/" #3777

Closed
cmammoli opened this Issue Nov 12, 2018 · 1 comment

cmammoli commented Nov 12, 2018

Enabled ntlm batch sync and got this failure message:

```
Failure to build the NTLM cache due to 'Cannot synchronize users hashes. Command output: Impacket v0.9.15 - Copyright 2002-2016 Core Security Technologies

[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Using the DRSUAPI method to get NTDS.DIT secrets
[-] Cannot create resume session file [Errno 13] Permission denied: 'sessionresume_MbsMlXiV'
[*] Something wen't wrong with the DRSUAPI approach. Try again with -use-vss parameter
[*] Cleaning up...
'. Please check server side logs for more details.
```

It seems that secretsdump tries to create a resume session file in the directory where it is invoked.
I put `print(os.getcwd() + "\n")` on top of the script and it seems it is called from "/".

Since it runs as user pf, it cannot create the resume file and dies.


julsemaan commented Nov 12, 2018

It's weird because it used to always do this in /tmp from what I recall.

I'm guessing something has changed in the pfmon process cwd or the invocation of secretsdump.py

I'll take a look at this at the same time as #3776
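
One way a caller can avoid the failure reported in this thread, shown as an added example (not PacketFence or Impacket code): run the child process in a private working directory instead of letting it inherit `/` from the daemon. The `run_in_private_cwd` helper, the `ntlm-sync-` prefix and the stand-in command are hypothetical; `sessionresume_demo` is a constructed file name.

```python
import os
import shutil
import stat
import subprocess
import sys
import tempfile


def run_in_private_cwd(argv, prefix="ntlm-sync-"):
    """Run argv with cwd set to a fresh directory only the caller can access.

    Returns (returncode, combined output, files the child left in cwd, cwd mode).
    """
    workdir = tempfile.mkdtemp(prefix=prefix)  # mkdtemp creates it with mode 0700
    try:
        proc = subprocess.run(
            argv,
            cwd=workdir,  # relative paths in the child now resolve here, not in "/"
            stdout=subprocess.PIPE,
            stderr=subprocess.STDOUT,
            universal_newlines=True,
        )
        leftovers = sorted(os.listdir(workdir))
        mode = stat.S_IMODE(os.stat(workdir).st_mode)
        return proc.returncode, proc.stdout, leftovers, mode
    finally:
        # Remove the directory and anything the child wrote into it.
        shutil.rmtree(workdir, ignore_errors=True)


# Constructed stand-in for a tool that writes a resume file to a relative
# path and reports the directory it was started in.
STAND_IN = [
    sys.executable,
    "-c",
    "import os; open('sessionresume_demo', 'w').close(); print(os.getcwd())",
]


def demo():
    return run_in_private_cwd(STAND_IN)


if __name__ == "__main__":
    rc, out, files, mode = demo()
    print(rc, out.strip(), files, oct(mode))
```
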
