Closed GoogleCodeExporter closed 9 years ago
It appears v1.2 works fine because the format_john() function does not take the
sid.. I grepped for it and found:
lib/hashoutput.py:def format_john(user, hash, type):
I guess a change was made to the function in 1.3 and wasn't carried over to the
dsusers.py file.
Original comment by m...@baseggio.ca
on 22 Jul 2014 at 2:00
I patched this on my own system by just adjusting all the calls to
format_john() in dsusers.py to include the SID as the second parameter. In
every case it was "user.SID"
For example, line 108 was this (minus the leading whitespace):
sys.stdout.write("\n\t" + format_john(user.SAMAccountName,nt,'NT'))
After patching, it was this:
sys.stdout.write("\n\t" + format_john(user.SAMAccountName,user.SID,nt,'NT'))
I was then able to extract the NT hashes for about 10,000 accounts from a set
of tables that were extracted using esedbexport on a ntds.dit pulled from a
Windows 2008 R2 Domain Controller.
If anybody else is having this issue, this is a relatively simple workaround
until 1.4 beta comes out ;-)
Original comment by Omnipotent13@gmail.com
on 18 Aug 2014 at 3:41
I can confirm Omnipotent13@gmail.com's fix.
Was easily able to patch the 8 locations in the dsusers.py file that needed
user.SID added.
Original comment by t...@rowan.me.uk
on 19 Aug 2014 at 2:05
I have published a new version of the framework, that fixes this issue. Please
check it out on https://github.com/csababarta/ntdsxtract
Original comment by csaba.ba...@gmail.com
on 25 Sep 2014 at 7:14
Original issue reported on code.google.com by
m...@baseggio.ca
on 22 Jul 2014 at 1:56