csababarta / ntdsxtract

Active Directory forensic framework
http://www.ntdsxtract.com
GNU General Public License v3.0

> Quick&Dirty-Fix: #33

Open 0xAugust opened 3 years ago

0xAugust commented 3 years ago

Quick&Dirty-Fix:

diff --git a/ntds/dsencryption.py b/ntds/dsencryption.py
index 5a5aaeb..55bb470 100755
--- a/ntds/dsencryption.py
+++ b/ntds/dsencryption.py
@@ -64,5 +64,5 @@ def dsDecryptSingleHash(rid, enc_hash):
     (des_k1,des_k2) = sid_to_key(rid)
     d1 = DES.new(des_k1, DES.MODE_ECB)
     d2 = DES.new(des_k2, DES.MODE_ECB)
-    hash = d1.decrypt(enc_hash[:8]) + d2.decrypt(enc_hash[8:])
-    return hash
\ No newline at end of file
+    hash = d1.decrypt(enc_hash[:8]) + d2.decrypt(enc_hash[8:16])
+    return hash[:16]
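Review bot: The slice `enc_hash[8:16]` and the final `hash[:16]` silently drop everything past byte 16, and nothing in `dsDecryptSingleHash` checks `len(enc_hash)` first. If a caller passes more than 16 bytes, the input is probably not a bare 16-byte DES-wrapped hash. Truncating it still returns 16 bytes of output with no sign that the input was unexpected, which would be consistent with the wrong-hash report later in this thread. Consider rejecting unexpected lengths explicitly, for example `if len(enc_hash) != 16: raise ValueError(...)`, or trimming the buffer at the call site so that the layout assumption is visible and documented. The `[:16]` on the return is redundant, since two 8-byte ECB block decryptions already yield exactly 16 bytes. Naming the local `hash` also shadows the Python builtin.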

This works perfect!!! Thanks

Originally posted by @0pa9ue in https://github.com/csababarta/ntdsxtract/issues/30#issuecomment-717089099

0xAugust commented 3 years ago

Hello, this can extract the hash value, but the extracted hash is wrong. How can I solve it.... :)