Configuration
impacket version: v0.10.0
Python version: 3.11.2
Target OS: Kali Linux 2023.1
Debug Output With Command String
i.e.
python3 /usr/share/doc/python3-impacket/examples/secretsdump.py -debug -ntds ntds.dit -system SYSTEM -security SECURITY LOCAL
...
[+] Trying to fetch page 19366 (0x974e000)
[+] Entering NTDSHashes.__decryptHash
[+] Decrypting hash for user: John Doe
example.com\John.Doe:12345:aad3b435b51404eeaad3b435b51404ee:1234567890abcdef1234567890abcdef:::
[+] Leaving NTDSHashes.__decryptHash
[+] Entering NTDSHashes.__decryptSupplementalInfo
[+] Exception
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/impacket/examples/secretsdump.py", line 2512, in dump
    self.__decryptSupplementalInfo(record, None, keysOutputFile, clearTextOutputFile)
  File "/usr/lib/python3/dist-packages/impacket/examples/secretsdump.py", line 2148, in __decryptSupplementalInfo
    userProperty = samr.USER_PROPERTY(propertiesData)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/impacket/structure.py", line 87, in __init__
    self.fromString(data)
  File "/usr/lib/python3/dist-packages/impacket/structure.py", line 152, in fromString
    self[field[0]] = self.unpack(field[1], data[:size], dataClassOrCode = dataClassOrCode, field = field[0])
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/impacket/structure.py", line 326, in unpack
    return self.unpack(two[0],data)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/impacket/structure.py", line 385, in unpack
    return unpack(format, data)[0]
           ^^^^^^^^^^^^^^^^^^^^
struct.error: ('unpack requires a buffer of 2 bytes', "When unpacking field 'NameLength | <H=0 | b''[:2]'")
[-] Error while processing row for user John Doe
[-] ('unpack requires a buffer of 2 bytes', "When unpacking field 'NameLength | <H=0 | b''[:2]'")
...
Additional context
Entire debug output is a never-ending loop. Output above is a sample. Source files are from a client and not able to be shared. Source files were retrieved using vssadmin command.
This is an issue I see frequently, and I am motivated to assist however I can in finding a solution.
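Added example, not part of the original issue and not impacket's code: the traceback above ends in a 2-byte read of NameLength from an empty buffer inside samr.USER_PROPERTY. The code below walks USER_PROPERTY entries (NameLength, ValueLength, Reserved, then name and value, per MS-SAMR) with explicit bounds checks, so running out of data returns a message instead of raising struct.error. The function names and sample bytes are constructed, and the idea that the declared entry count exceeds the available data is an assumption, not a confirmed root cause.

```python
import struct

# USER_PROPERTY header: NameLength, ValueLength, Reserved (little-endian u16 each)
HEADER = struct.Struct("<HHH")


def parse_user_properties(data: bytes, count: int):
    """Walk `count` USER_PROPERTY entries. Returns (entries, error_or_None)."""
    entries, offset = [], 0
    for index in range(count):
        if len(data) - offset < HEADER.size:
            return entries, f"entry {index}: header truncated at offset {offset}"
        name_len, value_len, _reserved = HEADER.unpack_from(data, offset)
        name_start = offset + HEADER.size
        end = name_start + name_len + value_len
        if end > len(data):
            return entries, f"entry {index}: body runs past end of buffer"
        name = data[name_start:name_start + name_len].decode("utf-16-le", "replace")
        entries.append((name, data[name_start + name_len:end]))
        offset = end
    return entries, None


def build_entry(name: str, value: bytes) -> bytes:
    """Helper (hypothetical) that serialises one entry for the sample below."""
    raw = name.encode("utf-16-le")
    return HEADER.pack(len(raw), len(value), 0) + raw + value


# Constructed sample: two well-formed entries, no real credential material.
SAMPLE = build_entry("Packages", b"4b00") + build_entry("Primary:Example", b"00ff")


def unchecked_read_at_end() -> str:
    """Same error class as the traceback: unpacking <H from an empty slice."""
    try:
        struct.unpack("<H", b""[:2])
    except struct.error as exc:
        return str(exc)
    return ""


if __name__ == "__main__":
    print(parse_user_properties(SAMPLE, 2))   # both entries, no error
    print(parse_user_properties(SAMPLE, 3))   # count overstates the data
    print(unchecked_read_at_end())
```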
I have found a workaround to this by using dissect. Still not sure what the actual issue is, but shimming dissect.esedb works successfully on all the files that have failed in the past.