csababarta / ntdsxtract

Active Directory forensic framework
http://www.ntdsxtract.com
GNU General Public License v3.0

dscomputers.py --passwordhashes broken #10

Closed brandoncasaba closed 9 years ago

brandoncasaba commented 9 years ago

Trying to extract machine accounts and failing. Works fine with ImpDump (https://github.com/HarmJ0y/ImpDump) and CredDump.

command: ntdsxtract/dscomputers.py output.export/datatable.4 work --syshive system --passwordhashes --pwdformat john --ntoutfile nt --lmoutfile lm

... Password hashes:[!] Error! format_john() takes exactly 4 arguments (3 given)

Looks like you're missing the sid arg? Quick test editing the code to pass in an empty string for a sid does get some output however.

The ophc argument also doesn't seem to return anything, but no errors. Edit: it seems there is a logic problem there; NTLM passwords are never written with the ophc format flag...

brandoncasaba commented 9 years ago

Added a pull request with a fix for the john portion. See https://github.com/csababarta/ntdsxtract/pull/11

csababarta commented 9 years ago

Hi there,

I have fixed the issue. Thank you for reporting it.

brandoncasaba commented 9 years ago

Thank you, looks fixed