Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Off-by-one Issue with creds_all #8620

Closed
mubix opened this issue Jun 27, 2017 · 0 comments
Closed

Off-by-one Issue with creds_all #8620

mubix opened this issue Jun 27, 2017 · 0 comments
Assignees
@OJ

Comments

@mubix
Copy link
Contributor

mubix commented Jun 27, 2017 

meterpreter > creds_all
[+] Running as SYSTEM
[*] Retrieving all credentials
msv credentials
===============

Username       Domain    NTLM                              SHA1
--------       ------    ----                              ----
Administrator  RESEARCH  a969169ef8c63052b75e0c8d76954a50  88e4d9fabaecf3dec18dd80905521b29
RDC1$          RESEARCH  c0ccd726cdb5f03dd2e26bb5ddc1ef3d  8f4f67a9a3271494e1cb63b7287c6025fb2ecd34

LM and NTLM on first row, NTLM and SHA1 on second
@mubix mubix assigned OJ Jun 27, 2017
OJ added a commit to OJ/metasploit-framework that referenced this issue Jun 27, 2017
@OJ
Fix output of MSV creds dumping in Kiwi
8e1e505 
The data being pulled out of the MSV credential dump was not being
rendered propertly because it was assumed that all accounts would
provide the same set of hashes/details for each entry found. However,
this was not the case. Some have NTLM & SHA1, others have LM & NTLM,
some have DPAPI when others don't.

This code generates tables based on the values found, and renders those
values in the appropriate columns, and if the values don't exist for
a given account, the column is left blank.

Fixes rapid7#8620
@OJ OJ mentioned this issue Jun 27, 2017
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@OJ OJ

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@OJ @mubix