Metasploit mailing list archives

Re: Kitrap0d question

From: HD Moore <hdm () metasploit com>
Date: Fri, 29 Jan 2010 12:55:36 -0600

On 1/29/2010 11:22 AM, igor ransack wrote:

It seems even with NT Authority System privileges under both vista and 7
, hashdump ( under priv ) as well as the  run hasdump module are still
giving me error 87
[ [-] priv_passwd_get_sam_hashes: Operation failed: 87 ]

I was wondering if anyone managed to successfully hashdump vs Vista or
Windows 7 so far using Metasploit.



Good question - I reproduced this, but have no idea why this is the
case. The security permissions on those keys should allow SYSTEM to read
them.

N.B :: Migrate to explorer.exe or any kind of migrate as of todays build
entirely breaks the session stream. Possibly related but I doubt it.


Migrate has now been fixed

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

Current thread:

Kitrap0d question igor ransack (Jan 28)
- Re: Kitrap0d question Pavel Jirout (Jan 29)
  - Re: Kitrap0d question igor ransack (Jan 29)
    - Re: Kitrap0d question HD Moore (Jan 29)
    - Re: Kitrap0d question HD Moore (Jan 29)
- Re: Kitrap0d question c0lists (Jan 29)
- <Possible follow-ups>
- Re: Kitrap0d question jeffs (Jan 29)
  - Re: Kitrap0d question HD Moore (Jan 29)