search

skelsec / pypykatz

Mimikatz implementation in pure Python
MIT License
2.81k stars 371 forks source link

Exception: Could not find module! lsasrv.dll #106

Closed c4ln closed 2 years ago

c4ln commented 2 years ago

INFO:root:Parsing file work.dmp INFO:pypykatz:===== BASIC INFO. SUBMIT THIS IF THERE IS AN ISSUE ===== INFO:pypykatz:pypyKatz version: 0.4.9 INFO:pypykatz:CPU arch: X64 INFO:pypykatz:OS: Windows Server 2012 R2 INFO:pypykatz:BuildNumber: 9600 INFO:pypykatz:MajorVersion: 6 INFO:pypykatz:MSV timestamp: 0 INFO:pypykatz:===== BASIC INFO END ===== ERROR:root:Error while parsing file work.dmp Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 261, in get_lsa lsa_dec = LsaDecryptor.choose(self.reader, lsa_dec_template, self.sysinfo) File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor.py", line 20, in choose return LsaDecryptor_NT6(reader, decryptor_template, sysinfo) File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor_nt6.py", line 22, in init self.acquire_crypto_material() File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor_nt6.py", line 26, in acquire_crypto_material sigpos = self.find_signature() File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor_nt6.py", line 44, in find_signature fl = self.reader.find_in_module('lsasrv.dll', self.decryptor_template.key_pattern.signature, find_first = True) File "/usr/lib/python3/dist-packages/minidump/minidumpreader.py", line 272, in find_in_module t = self.reader.search_module(module_name, pattern, find_first = find_first, reverse_order = reverse_order, chunksize = self.segment_chunk_size) File "/usr/lib/python3/dist-packages/minidump/minidumpreader.py", line 337, in search_module raise Exception('Could not find module! %s' % module_name) Exception: Could not find module! lsasrv.dll

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/cmdhelper.py", line 230, in run mimi = pypykatz.parse_minidump_file(args.memoryfile, packages=args.packages) File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 150, in parse_minidump_file raise e File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 146, in parse_minidump_file mimi.start(packages) File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 350, in start self.lsa_decryptor = self.get_lsa() File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 267, in get_lsa raise Exception('All detection methods failed.') Exception: All detection methods failed. Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 261, in get_lsa lsa_dec = LsaDecryptor.choose(self.reader, lsa_dec_template, self.sysinfo) File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor.py", line 20, in choose return LsaDecryptor_NT6(reader, decryptor_template, sysinfo) File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor_nt6.py", line 22, in init self.acquire_crypto_material() File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor_nt6.py", line 26, in acquire_crypto_material sigpos = self.find_signature() File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/lsa_decryptor_nt6.py", line 44, in find_signature fl = self.reader.find_in_module('lsasrv.dll', self.decryptor_template.key_pattern.signature, find_first = True) File "/usr/lib/python3/dist-packages/minidump/minidumpreader.py", line 272, in find_in_module t = self.reader.search_module(module_name, pattern, find_first = find_first, reverse_order = reverse_order, chunksize = self.segment_chunk_size) File "/usr/lib/python3/dist-packages/minidump/minidumpreader.py", line 337, in search_module raise Exception('Could not find module! %s' % module_name) Exception: Could not find module! lsasrv.dll

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "/usr/lib/python3/dist-packages/pypykatz/lsadecryptor/cmdhelper.py", line 230, in run mimi = pypykatz.parse_minidump_file(args.memoryfile, packages=args.packages) File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 150, in parse_minidump_file raise e File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 146, in parse_minidump_file mimi.start(packages) File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 350, in start self.lsa_decryptor = self.get_lsa() File "/usr/lib/python3/dist-packages/pypykatz/pypykatz.py", line 267, in get_lsa raise Exception('All detection methods failed.') Exception: All detection methods failed.

skelsec commented 2 years ago

Thanks for the bug report. The current version of pypykatz is 0.5.8 whilst yous is 0.4.9. A lot has happened since then :) I believe this issue will go away if you use the latest version.

c4ln commented 2 years ago

ahh okay thanks!

skelsec commented 2 years ago

Did it solve your issue?

c4ln commented 2 years ago

yeah, it did. also, a suggestion, could you make it possible to add, PPL bypass, to pypykatz, mainly for windows 2012?, The Userland exploit, doesn't work on windows 2012, Thanks =)

skelsec commented 2 years ago

I'm glad it solved the issue. PPL and other bypasses and exploits are not the main goal of this project at the moment, I'd recommend using other tools to perform the dumping.