Closed GoogleCodeExporter closed 9 years ago
GoogleCodeExporter
commented
9 years ago It appears v1.2 works fine because the format_john() function does not take the
sid.. I grepped for it and found:
lib/hashoutput.py:def format_john(user, hash, type):
I guess a change was made to the function in 1.3 and wasn't carried over to the
dsusers.py file. Original comment by m...@baseggio.ca on 22 Jul 2014 at 2:00
GoogleCodeExporter
commented
9 years ago I patched this on my own system by just adjusting all the calls to
format_john() in dsusers.py to include the SID as the second parameter. In
every case it was "user.SID"
For example, line 108 was this (minus the leading whitespace):
sys.stdout.write("\n\t" + format_john(user.SAMAccountName,nt,'NT'))
After patching, it was this:
sys.stdout.write("\n\t" + format_john(user.SAMAccountName,user.SID,nt,'NT'))
I was then able to extract the NT hashes for about 10,000 accounts from a set
of tables that were extracted using esedbexport on a ntds.dit pulled from a
Windows 2008 R2 Domain Controller.
If anybody else is having this issue, this is a relatively simple workaround
until 1.4 beta comes out ;-)Original comment by Omnipotent13@gmail.com on 18 Aug 2014 at 3:41
GoogleCodeExporter
commented
9 years ago I can confirm Omnipotent13@gmail.com's fix.
Was easily able to patch the 8 locations in the dsusers.py file that needed
user.SID added.Original comment by t...@rowan.me.uk on 19 Aug 2014 at 2:05
GoogleCodeExporter
commented
9 years ago I have published a new version of the framework, that fixes this issue. Please
check it out on https://github.com/csababarta/ntdsxtractOriginal comment by csaba.ba...@gmail.com on 25 Sep 2014 at 7:14
Original issue reported on code.google.com by
m...@baseggio.caon 22 Jul 2014 at 1:56