ImpDump icon indicating copy to clipboard operation
ImpDump copied to clipboard

Published 20 hours ago verified publisher icon HarmJ0y

Traceback during extraction

Open pand0rausa opened this issue 9 years ago • 1 comments

When running impdump and pointing to the SYSTEM and output files it immediately returns this error.

Traceback (most recent call last): File "impdump.py", line 246, in decKrbtgt(sys.argv[1], sys.argv[2]) File "impdump.py", line 145, in decKrbtgt print decUserHash(bootkey, rawPekKey, "krbtgt", rawRID, "", rawNTLMhash) File "impdump.py", line 32, in decUserHash rid = int(rawRID[48:],16) TypeError: 'NoneType' object has no attribute 'getitem'

pand0rausa avatar Sep 16 '15 13:09 pand0rausa

Same error. I think the bug is in extract.sh.

This error shows the Encrypted PEK (Password Encryption Key) is not correctly extracted from ntds file with extract.sh.

The output file of extract.sh doesn't contain ATTk590689 attributes in my case.

impdump.py uses the output file of extract.sh script for getting hashes. impdump.py needs this value for decrypting hashes (PEK + RC4).

So I think It is impossible to extract hashes for us with this project...

quentinhardy avatar May 21 '18 08:05 quentinhardy