wootski / impacket

Automatically exported from code.google.com/p/impacket

esentutl.py crashes while dumping table from ntds.dit #43

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
While dumping the "datatable" table of an ntds.dit I get the following message.

"'ascii' codec can't decode byte 0xcd in position 0: ordinal not in range(128)"

and esentutl stops short of finishing the dump afterwards. I think it's 
happening around where there are some Chinese characters in the database.

Using impacket version 0.9.12-dev from the svn

Original issue reported on code.google.com by jsp5...@gmail.com on 22 May 2014 at 2:44

GoogleCodeExporter commented 9 years ago
Hey there.. 
Yeah.. most probably that's the case.. I'm attaching an esentutl.py version 
with traceback enabled. You should run it using:
python esentutl.py <arguments>

Could you please send me the output?.. That will help me understand where 
inside ese.py there's a decode error.

thanks!
beto

Original comment by bet...@gmail.com on 22 May 2014 at 1:06

GoogleCodeExporter commented 9 years ago
Thanks for the quick response. Here's the output from esentutl.py with 
traceback enabled:

Traceback (most recent call last):
  File "/Users/parkijo/Tools/temp/esentutl.py", line 88, in main
    exportTable(ese, options.table)
  File "/Users/parkijo/Tools/temp/esentutl.py", line 40, in exportTable
    record = ese.getNextRow(cursor)
  File "/Library/Python/2.7/site-packages/impacket/ese.py", line 812, in getNextRow
    return self.getNextRow(cursor)
  File "/Library/Python/2.7/site-packages/impacket/ese.py", line 814, in getNextRow
    return self.__tagToRecord(cursor, tag['EntryData'])
  File "/Library/Python/2.7/site-packages/impacket/ese.py", line 962, in __tagToRecord
    record[column] = record[column].decode(stringDecoder)
UnicodeDecodeError: 'ascii' codec can't decode byte 0xcd in position 0: ordinal not in range(128)
None
'ascii' codec can't decode byte 0xcd in position 0: ordinal not in range(128)

Original comment by jsp5...@gmail.com on 22 May 2014 at 3:34

GoogleCodeExporter commented 9 years ago
Sure..

Okay.. this might be related to 
https://code.google.com/p/impacket/source/detail?r=1145&path=/trunk/examples/secretsdump.py, 
where some NTDS.dit records might get corrupted, so I'm forcing to skip them in secretsdump. 

I'm attaching another esentutl.py that is doing the same skip. Please give it a 
try, and let me know if many rows are skipped.

Original comment by bet...@gmail.com on 22 May 2014 at 3:48

GoogleCodeExporter commented 9 years ago
It looks like it's working well now. I didn't see too much missing from the 
output.

Original comment by jsp5...@gmail.com on 23 May 2014 at 4:09

GoogleCodeExporter commented 9 years ago
Great to know.. I'll commit this change then.

thanks for the bug report!
beto

Original comment by bet...@gmail.com on 23 May 2014 at 6:49

GoogleCodeExporter commented 9 years ago
Fixed at https://code.google.com/p/impacket/source/detail?r=1225

Original comment by bet...@gmail.com on 23 May 2014 at 6:52
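
The skip-on-decode-error approach discussed in this thread, as an added example that is not impacket's code or the attached esentutl.py. `ToyCursor`, `get_next_row`, `export_table` and the sample rows are hypothetical and constructed; the loop records which row and byte failed so the number of skipped rows can be checked afterwards.

```python
class ToyCursor:
    """Hypothetical stand-in for an ESE table cursor over raw column bytes."""
    def __init__(self, rows):
        self.rows = rows
        self.pos = 0


def get_next_row(cursor, codec="ascii"):
    """Return the next row decoded to text, or None at end of table.

    The position advances before decoding, so a caller that catches the
    decode error and retries lands on the following row, not the same one.
    """
    if cursor.pos >= len(cursor.rows):
        return None
    raw = cursor.rows[cursor.pos]
    cursor.pos += 1
    return {col: val.decode(codec) for col, val in raw.items()}


def export_table(rows, codec="ascii"):
    """Decode every row; skip and report the ones that fail."""
    cursor = ToyCursor(rows)
    exported, skipped = [], []
    while True:
        index = cursor.pos
        try:
            record = get_next_row(cursor, codec)
        except UnicodeDecodeError as err:
            # Keep the evidence: row index, offending byte, byte offset.
            skipped.append((index, err.object[err.start], err.start))
            continue
        if record is None:
            break
        exported.append(record)
    return exported, skipped


# Constructed sample data: row 1 starts with byte 0xcd, as in the report.
SAMPLE_ROWS = [
    {"name": b"Administrator"},
    {"name": b"\xcd\xf5\xce\xb0"},
    {"name": b"krbtgt"},
]

if __name__ == "__main__":
    rows, skipped = export_table(SAMPLE_ROWS)
    print("exported %d rows, skipped %s" % (len(rows), skipped))
```
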