Closed yoav-orca closed 3 years ago
I like it - I have previously been verifying impacket output using a small reference .dit hosted on https://github.com/c-sto/ntds_reference, which is checked during testing with this function https://github.com/C-Sto/gosecretsdump/blob/master/test/acuracy_test.go#L29-L67 - if you can contribute another reference .dit with the expected output, I can add that to the test suite so that we can be more sure regressions aren't encountered.
Keen to stay compliant with impacket output by default if possible, so thank you for the contributions, very much appreciated.
@C-Sto I would love to share them but they are part of an engagement so they are private :| I have a utility that currently runs both impacket and gosecertsdump and reports on diffs, so I'm sharing findings here
Totally understand - lab environment .dit files can be hard to manufacture to hold the right data too, so there is always a lot of effort in creating those test cases.
I'll see if I can add samples for the issues you identified; I'll need to add older .dit examples for different functional levels anyway.
Just as an update -- I used this patch to extract a ntds.dit file -- it worked as expected. It used the samaccountname instead of UPN.
Fixes #16