SAM Dump for accounts without secrets
Dfte opened this issue · 3 comments
Dfte commented
I realised that some default Windows accounts, like for example WDAGUtilityAccount, throw the following error:
However, there is no error here. WDAGUtilityAccount does not have an NT hash in the SAM database because this is a virtual account used to contain applications in a sandbox (for example browsers) and these features are not used on Windows servers. Considering I never saw secretsdump failing to dump the SAM database, I believe it is possible to switch the following lines from impacket/impacket/examples/secretsdump.py:
```python
if userAccount['NTHashLength'] == 0:
    logging.error('SAM hashes extraction for user %s failed. The account doesn\'t have hash information.' % userName)
    continue
```
to
```python
if userAccount['NTHashLength'] == 0:
    logging.debug('SAM hashes extraction for user %s failed. The account doesn\'t have hash information.' % userName)
    continue
```
That way most tools using impacket secretsdump won't have a messed up output.
Let me know what you think about this :)
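A tool that wraps secretsdump can get the effect proposed above from the caller's side with a logging filter, shown here as an added example that is not impacket code and not part of the original post. `DowngradeNoHash`, `Capture`, `fake_sam_loop`, `run` and the account list are hypothetical, and the sketch assumes the message is emitted through the root logger, as the `logging.error` call quoted above suggests.

```python
import logging

MARKER = "doesn't have hash information"  # text of the message quoted above

class DowngradeNoHash(logging.Filter):
    """Re-level the 'no hash information' record from ERROR to DEBUG."""
    def filter(self, record):
        if record.levelno == logging.ERROR and MARKER in record.getMessage():
            record.levelno, record.levelname = logging.DEBUG, "DEBUG"
            # Keep it only when the root logger really runs at DEBUG verbosity.
            return logging.getLogger().isEnabledFor(logging.DEBUG)
        return True

class Capture(logging.Handler):
    """Collects (levelname, message) pairs so the effect can be inspected."""
    def emit(self, record):
        self.seen.append((record.levelname, record.getMessage()))

def fake_sam_loop(accounts):
    """Hypothetical stand-in for the quoted check; returns accounts with a hash."""
    dumped = []
    for name, nt_hash_length in accounts:
        if nt_hash_length == 0:
            logging.error("SAM hashes extraction for user %s failed. "
                          "The account doesn't have hash information." % name)
            continue
        dumped.append(name)
    return dumped

# Constructed sample: 16 is a placeholder for "some non-zero length".
ACCOUNTS = [("Administrator", 16), ("WDAGUtilityAccount", 0)]

def run(level, with_filter=True):
    """Run the loop at a root log level; return (dumped, captured records)."""
    root, cap, flt = logging.getLogger(), Capture(), DowngradeNoHash()
    cap.seen, old_level = [], root.level
    root.addHandler(cap)
    if with_filter:
        root.addFilter(flt)
    root.setLevel(level)
    try:
        return fake_sam_loop(ACCOUNTS), cap.seen
    finally:
        root.removeHandler(cap)
        root.removeFilter(flt)
        root.setLevel(old_level)

if __name__ == "__main__":
    print(run(logging.INFO), run(logging.DEBUG))
```

The filter matches on message text, so it stops working if the wording of the message changes in a later release.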