This repository has been archived by the owner on Dec 6, 2023. It is now read-only.

Fixed improper exception handling of lsass dump parsing #538

Merged
merged 2 commits into from
Jun 18, 2022

p0dalirius (Contributor) commented Feb 16, 2022

When lsassy successfully dumps the lsass but cannot parse it, the case was not handled properly and we get this traceback:

# cme smb 192.168.2.17 -d "LAB.local" -u Administrateur -H :902105c3a9fbc100e7f4227a811f30b5 -M lsassy -o METHOD=comsvcs_stealth --export lsassy_LAB.local
SMB         192.168.2.17    445    SRV2016         [*] Windows 10.0 Build 17763 x64 (name:SRV2016) (domain:LAB.local) (signing:False) (SMBv1:False)
SMB         192.168.2.17    445    SRV2016         [+] LAB.local\Administrateur::902105c3a9fbc100e7f4227a811f30b5 (admin)
Traceback (most recent call last):
  File "/root/.local/bin/crackmapexec", line 8, in <module>
192.168.2.17
[DEBUUUUG] 192.168.2.17 <lsassy.impacketfile.ImpacketFile object at 0x7f23a463e970>
    sys.exit(main())
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 254, in main
    asyncio.run(
  File "/usr/lib/python3.9/asyncio/runners.py", line 44, in run
    return loop.run_until_complete(main)
  File "/usr/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
    return future.result()
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 102, in start_threadpool
    await asyncio.gather(*jobs)
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/crackmapexec.py", line 68, in run_protocol
    await asyncio.wait_for(
  File "/usr/lib/python3.9/asyncio/tasks.py", line 442, in wait_for
    return await fut
  File "/usr/lib/python3.9/concurrent/futures/thread.py", line 58, in run
    result = self.fn(*self.args, **self.kwargs)
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/protocols/smb.py", line 125, in __init__
    connection.__init__(self, args, db, host)
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 62, in __init__
    self.proto_flow()
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 100, in proto_flow
    self.call_modules()
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/connection.py", line 132, in call_modules
    self.module.on_admin_login(context, self)
  File "/root/.local/pipx/venvs/crackmapexec/lib/python3.9/site-packages/cme/modules/lsassy_dump.py", line 66, in on_admin_login
    credentials, tickets = Parser(file).parse()
TypeError: cannot unpack non-iterable NoneType object

Fix

I added a condition to check if the parsing failed before using it:

https://github.com/p0dalirius/CrackMapExec/blob/f5ed47e630b524e1c8061c8ccbabfb1cfaa8ebb4/cme/modules/lsassy_dump.py#L65-L69
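
The failure mode in the traceback and the guard this pull request describes, as an added example that is not the project's code. `StubParser`, `handle_unguarded` and `handle_guarded` are hypothetical stand-ins, and the sample inputs are constructed; the only assumption taken from the page is that `parse()` can return `None` instead of a `(credentials, tickets)` tuple.

```python
from typing import List, Optional, Tuple

MINIDUMP_MAGIC = b"MDMP"  # signature at the start of a Windows minidump file


class StubParser:
    """Hypothetical stand-in for a dump parser: parse() returns a
    (credentials, tickets) tuple on success and None on failure."""

    def __init__(self, data: bytes):
        self.data = data

    def parse(self) -> Optional[Tuple[List[str], List[str]]]:
        if not self.data.startswith(MINIDUMP_MAGIC):
            return None  # failure is signalled by None, not by an exception
        return (["constructed-credential"], [])


def handle_unguarded(data: bytes):
    # Pre-fix pattern: unpacking a None result raises
    # "TypeError: cannot unpack non-iterable NoneType object".
    credentials, tickets = StubParser(data).parse()
    return credentials, tickets


def handle_guarded(data: bytes):
    # Post-fix pattern: check the result before unpacking it, and
    # return an error message the caller can log instead of crashing.
    parsed = StubParser(data).parse()
    if parsed is None:
        return None, "unable to parse dump"
    credentials, tickets = parsed
    return (credentials, tickets), None


if __name__ == "__main__":
    bad = b"\x00" * 8              # constructed input without the magic
    good = b"MDMP" + b"\x00" * 4   # constructed input with the magic
    print(handle_guarded(bad))
    print(handle_guarded(good))
```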

mpgn (Contributor) commented Jun 17, 2022

Hello @p0dalirius can you check the conflict so I can merge the PR :)

@mpgn mpgn merged commit 86e46a7 into byt3bl33d3r:master Jun 18, 2022