Closed forensenellanebbia closed 5 years ago
Hi! Thank you for the sample! Turns out that there was an issue choosing the correct decryption template for the MSV module based on the build number. I've pushed a fix so it should be okay now. Currently I don't have time for making a new release so you'll have to clone it from the repo.
I'm testing pypykatz on Ubuntu 18.04.2 with Python 3.6.7. I get the following error message when I run the tool against a minidump I've created:
Command: pypykatz minidump '/home/ubuntu/Desktop/20190406_10.0.17134.1.lsass.exe.dmp' Exception: Signature was not found in module lsasrv.dll Signature: 33ff458937488bf34585c974
The minidump was created on a test VM running:
OS name: Windows 10 Enterprise OS version: 10.0.17134.1 CPU architecture: x64 msv1_0.dll timestamp: 12/04/2018 01:34
I uploaded the minidump to the URL mentioned in the README. Thanks