pwdump not working in Kali 2019.4, but installing from repo works?



yaksmen
2020-01-27, 07:46
Hi, my apologies if I am missing something obvious, but I think there is an issue with the creddump7 package in the Kali 2019.4 installation.

Just for background, the original creddump was removed from the repo back in October 2019. Looks like creddump7 is the newer package.

The problem is that when run against a SYSTEM and SAM file combination from a Windows machine (have tested Windows 10 v1607+ with the newer style AES hashing, as well as very old school WinXP System/SAM) using the command
# /usr/share/creddump7/pwdump.py [path to system] [path to sam]

you get a long traceback error that ends with
File "/usr/lib/python3/dist-packages/Crypto/Cipher/blockalgo.py", line 141, in __init__
self._cipher = factory.new (key, *args, **hwargs)

Curiously, if I install creddump7 from GitHub using # git clone https://github.com/Neohapsis/creddump7 and then run the newly installed repository version of pwdump, it executes with no issues.

In my checking, there are definitely differences between the Kali version and the GitHub one. The Kali version references Python 3, whereas the repo one does not explicitly say Python 3. It also appears there are changes in the library/framework files that pwdump calls.

yaksmen
2020-01-27, 07:49
Trying to get a better quality image of what is happening. Click here (https://imgur.com/a/KcDkrYn).

yaksmen
2020-01-29, 06:32
I tried this evening under Kali 2020.1 to see if it was by chance fixed in the new release. It is not changed, unfortunately - pwdump.py as installed still not working when running from the LiveCD, still with an error.

One other note for anyone else who runs across this problem. You can still fix it by using the Neohapsis creddump7 program, but there is an extra wrinkle in 2020.1. When you try and run that version you will see an error that states "ImportError: No module named Crypto.Hash". This is referenced in line 27 of framework/win32/hashdump.py.

To fix that issue:
# apt-get update
# apt-get install python-pip
# pip install pycrypto

If anyone is reading, any other ideas on the root issue? At this point it legitimately feels more like a bug than an error. Is the best bet to submit a bug report? Sorry if that is a stupid question.

penguin26
2020-03-29, 13:00
The problem still exists and is not fixed yet.

HA4g3n
2020-04-15, 16:36
Hello,

I get an error at this step as well, running the latest version 2020.2 of Kali Linux, "hypervisor" version.
Extracted from Win2k16 AD running the latest patches.

Following these guides:
https://www.linkedin.com/pulse/extracting-ntdsdit-file-from-active-directory-rajivarnan-r/
https://blog.ropnop.com/extracting-hashes-and-domain-info-from-ntds-dit/

Installed pip3 with "sudo apt install python3-pip"
and when trying to install pycrypto with "pip3 install pycrypto"

Thanks

V2r6
2020-05-28, 00:25
Hi,
I had the same error and I may have found a solution.
You have to edit the blockalgo.py file with vim and go to the error:

on line 141: self._cipher = factory.new (key, *args, **hwargs)
replace "key" with "bytes(key)" and save.
Now it should work.

V2r6
2020-05-28, 22:32
Hi,
I may have found a solution.
You have to edit the blockalgo.py file with vim and go to line 141, where the error is located.
Replace "key" with "bytes(key)"
and now it should work.