Fix failure in secrets dump edge case

smashery · Nov 19, 2024 · 70b76ff · 70b76ff
1 parent e6615d3
commit 70b76ff
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/modules/auxiliary/gather/windows_secrets_dump.rb b/modules/auxiliary/gather/windows_secrets_dump.rb
@@ -720,7 +720,13 @@ def decrypt_supplemental_info(dcerpc_client, result, attribute_value)
     result[:kerberos_keys] = []
     result[:clear_text_passwords] = {}
     plain_text = dcerpc_client.decrypt_attribute_value(attribute_value)
-    user_properties = RubySMB::Dcerpc::Samr::UserProperties.read(plain_text)
+    begin
+      user_properties = RubySMB::Dcerpc::Samr::UserProperties.read(plain_text)
+    rescue IOError
+      # May be no kerberos keys e.g. due to password reset
+      vprint_warning('Unable to read supplemental credentials')
+      return
+    end
     user_properties.user_properties.each do |user_property|
       case user_property.property_name.encode('utf-8')
       when 'Primary:Kerberos-Newer-Keys'