fortra / impacket

Impacket is a collection of Python classes for working with network protocols.
https://www.coresecurity.com

secretsdump.py - unpack requires a buffer of 8 bytes #1513

Open MattCarothers opened 1 year ago

MattCarothers commented 1 year ago

Configuration

impacket version: v0.10.1.dev1+20230327.122651.a3f0373d
Python version: 3.10.6
Target OS: Ubuntu 20.04

Debug Output With Command String

# secretsdump.py -ntds ntds.dit -system SYSTEM local
Impacket v0.10.1.dev1+20230327.122651.a3f0373d - Copyright 2022 Fortra

[*] Target system bootKey: 0x********************************
[*] Dumping Domain Credentials (domain\uid:rid:lmhash:nthash)
[*] Searching for pekList, be patient
[-] ('unpack requires a buffer of 8 bytes', 'When unpacking field \'Header | 8s=b"" | b\'~UN\\x00\'[:8]\'')
[*] Cleaning up...

I tried a couple of older versions as well as the master branch, but I got the same result every time.

MattCarothers commented 1 year ago

And here's the debug output:

Impacket v0.10.1.dev1+20230327.122651.a3f0373d - Copyright 2022 Fortra

[+] Impacket Library Installation Path: /opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/impacket
[+] Retrieving class info for JD
[+] Unknown type 0xb'5\x00'
[+] Retrieving class info for Skew1
[+] Unknown type 0xb'c\x00'
[+] Retrieving class info for GBG
[+] Unknown type 0xb'9\x00'
[+] Retrieving class info for Data
[+] Unknown type 0xb'2\x00'
[*] Target system bootKey: 0x********************************
[+] Checking NoLMHash Policy
[+] LMHashes are NOT being stored
[+] Mounting DB...
[+] Trying to fetch page -1 (0x0)
[+] Database Version:0x620, Revision:0x14
[+] Page Size: 8192
[+] Total Pages in file: 1530878
[+] Trying to fetch page 4 (0xa000)
[snip]
[+] Trying to fetch page 276658 (0x87166000)
[+] Trying to fetch page 278699 (0x88158000)
[+] Trying to fetch page 288127 (0x8cb00000)
Traceback (most recent call last):
  File "/opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/EGG-INFO/scripts/secretsdump.py", line 279, in dump
    self.__NTDSHashes.dump()
  File "/opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/impacket/examples/secretsdump.py", line 2513, in dump
    self.__getPek()
  File "/opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/impacket/examples/secretsdump.py", line 2033, in __getPek
    encryptedPekList = self.PEKLIST_ENC(peklist)
  File "/opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/impacket/structure.py", line 87, in __init__
    self.fromString(data)
  File "/opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/impacket/structure.py", line 152, in fromString
    self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0])
  File "/opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/impacket/structure.py", line 326, in unpack
    return self.unpack(two[0],data)
  File "/opt/impacket/venv/lib/python3.10/site-packages/impacket-0.10.1.dev1+20230327.122651.a3f0373d-py3.10.egg/impacket/structure.py", line 385, in unpack
    return unpack(format, data)[0]
struct.error: ('unpack requires a buffer of 8 bytes', 'When unpacking field \'Header | 8s=b"" | b\'~UN\\x00\'[:8]\'')
[-] ('unpack requires a buffer of 8 bytes', 'When unpacking field \'Header | 8s=b"" | b\'~UN\\x00\'[:8]\'')
[*] Cleaning up...