Skip to content

secretsdump.py does not parse Windows Server 2025 NTDS.dit #1924

New issue
New issue
Open
Bug
Open
secretsdump.py does not parse Windows Server 2025 NTDS.dit#1924
Bug
Labels
bugUnexpected problem or unintended behavior
@0xSterny

Description

@0xSterny
0xSterny
opened on Mar 19, 2025

Pulling down any NTDS.dit file from a windows server 2025 reports an error of unknown JD, Skew1, GBG, and Data. This is possibly due to the new 32k database pages, but my server is running all default setups for NTDS.

Impacket v0.11.0 - Copyright 2023 Fortra

[+] Impacket Library Installation Path: /home/sterny/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket
[+] Retrieving class info for JD
[+] Unknown type 0xb'7\x00'
[+] Retrieving class info for Skew1
[+] Unknown type 0xb'3\x00'
[+] Retrieving class info for GBG
[+] Unknown type 0xb'4\x00'
[+] Retrieving class info for Data
[+] Unknown type 0xb'e\x00'
[*] Target system bootKey: 0x471233964493f56c7e63f2eb2faee824
[+] Checking NoLMHash Policy
[+] LMHashes are NOT being stored
[+] Mounting DB...
[+] Trying to fetch page -1 (0x0)
[+] Database Version:0x620, Revision:0x122
[+] Page Size: 32768
[+] Total Pages in file: 1278
[+] Trying to fetch page 4 (0x28000)
Traceback (most recent call last):
  File "/home/sterny/.local/bin/secretsdump.py", line 272, in dump
    self.__NTDSHashes = NTDSHashes(NTDSFileName, bootKey, isRemote=self.__isRemote, history=self.__history,
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/sterny/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/examples/secretsdump.py", line 1977, in __init__
    self.__ESEDB = ESENT_DB(ntdsFile, isRemote = isRemote)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/sterny/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/ese.py", line 608, in __init__
    self.mountDB()
  File "/home/sterny/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/ese.py", line 625, in mountDB
    self.parseCatalog(CATALOG_PAGE_NUMBER)
  File "/home/sterny/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/ese.py", line 707, in parseCatalog
    self.parsePage(page)
  File "/home/sterny/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/ese.py", line 690, in parsePage
    flags, data = page.getTag(tagNum)
                  ^^^^^^^^^^^^^^^^^^^
  File "/home/sterny/.local/share/pipx/venvs/impacket/lib/python3.11/site-packages/impacket/ese.py", line 585, in getTag
    pageFlags = tmpData[1] >> 5
                ~~~~~~~^^^
IndexError: bytearray index out of range
[-] bytearray index out of range
[*] Cleaning up...

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugUnexpected problem or unintended behavior

    Type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions