-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed to find username field and encrypted password blob #15
Comments
The format of the data has changed, I just kind of took a guess at how to
parse the data originally and it worked for windows at that point in time,
it's not good enough to keep up with the new versions of windows and needs
to be updated basically.
…On Wed, 8 Feb 2023, 12:07 pm dudeman123, ***@***.***> wrote:
Hello,
I have been working at this for hours, but I have no idea whatsoever about
how to get this working. Similar to the issue @simon-baer
<https://github.com/simon-baer> had (which has no answers at this time),
the program refuses to work. After trying to use PsExec, it kept on failing
to run PowerShell with SYSTEM privileges, so I turned to using AdvancedRun,
which worked.
However, when I followed the guide here
https://gist.github.com/sleeyax/e8684c60c9e0b771d96195e0b4d4c8c0
<http://url> (which was very helpful in explaining), after I ran the
command with SYSTEM privileges, PowerShell threw this error at me:
`OS: Windows 10 21H2
{*-*-*-*-
*} Extracted stage1 for {*-*-*-*-*}
-1
Failed to find username field!
Failed to find an encrypted password blob :/
Found the following:
Domain:
Username:
Password:`
I tried looking at the two files within 'profiles', but there was nothing
which I was able to see. If you would like me to, I could send you the
encrypted files.
Anyways, please help me to resolve this issue.
Best regards,
dudeman
—
Reply to this email directly, view it on GitHub
<#15>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA4UUDTSUKBHTT5BSOVHYRDWWLWTRANCNFSM6AAAAAAUUUR5BY>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
|
Alright, got it. I'll look for other solutions, but let me know if you decide to come out with any updates! Thanks :) |
Realistically, you can just look at the files with a hex editor like HxD
and extract the stuff manually, that's kind of the point of it saving
files, if any step fails, you can just do it manually
…On Wed, 8 Feb 2023, 1:01 pm dudeman123, ***@***.***> wrote:
Alright, got it. I'll look for other solutions, but let me know if you
decide to come out with any updates! Thanks :)
—
Reply to this email directly, view it on GitHub
<#15 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA4UUDWLKNELMEUV2WUKKSDWWL46BANCNFSM6AAAAAAUUUR5BY>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Got it, I think I'll check that out tomorrow |
Any insights on such issue? I’m on Windows 11 (22631). Much appreciated, |
The format of the binary data changes between windows versions, and even
updates sometimes, you can look at the hex it dumps out and figure out
where the username and password are stored now, it should be pretty
obvious, as most of it will not be visible/ will be noise in a hex editor.
I have no insensitive to update this.
…On Tue, 6 Feb 2024, 10:13 am MLUUG, ***@***.***> wrote:
Any insights on such issue? I’m on Windows 11 (22631).
Much appreciated,
Jason
—
Reply to this email directly, view it on GitHub
<#15 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AA4UUDUUYAO53GIWQPTZDG3YSFRRVAVCNFSM6AAAAAAUUUR5B2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMRYGQ3TGOJYHA>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
I see. With a little experiment I found out that |
@ash47 For what it's worth, I also followed the instructions at https://gist.github.com/sleeyax/e8684c60c9e0b771d96195e0b4d4c8c0 and it worked. Maybe Win10 22H2 19045.4239 is still using the old format that this tool works for? Also, op could be authenticated with a certificate, I knew already that my credentials were username+password and no certificate. |
Update on this: About a month ago I discovered that I was authenticated by an EAP-TLS certificate instead of a combination of username+password. I am stupid. Using some tools, I was able to extract the certificate marked non-exportable using |
Hello,
I have been working at this for hours, but I have no idea whatsoever about how to get this working. Similar to the issue @simon-baer had (which has no answers at this time), the program refuses to work. After trying to use PsExec, it kept on failing to run PowerShell with SYSTEM privileges, so I turned to using AdvancedRun, which worked.
However, when I followed the guide here https://gist.github.com/sleeyax/e8684c60c9e0b771d96195e0b4d4c8c0 (which was very helpful in explaining), after I ran the command with SYSTEM privileges, PowerShell threw this error at me:
I tried looking at the two files within 'profiles', but there was nothing which I was able to see. If you would like me to, I could send you the encrypted files.
Anyways, please help me to resolve this issue.
Best regards,
dudeman
The text was updated successfully, but these errors were encountered: