Issue when executing "pypykatz lsa minidump lsass.DMP" #123

Open
RomanY467 opened this issue Mar 31, 2023 · 4 comments

@RomanY467

When attempting to parse credentials from the "lsass.DMP" memory dump file using the command "pypykatz lsa minidump lsass.DMP", the pypykatz tool appears to have a memory leak issue. It keeps consuming more and more memory without parsing any credentials. This problem persists even after waiting for an extended period of time. However, parsing the same dump file using Mimikatz works fine.
Same problem on Kali Linux through a VM.
Environment:
MacBook Air M1 8GB RAM
Operating System: macOS Ventura 13.2
Python version: 3.11.2
pypykatz version: 0.6.6

@RomanY467 RomanY467 changed the title from 'Memory leak issue when executing "pypykatz lsa minidump lsass.DMP"' to 'Issue when executing "pypykatz lsa minidump lsass.DMP"' on Mar 31, 2023
@skelsec
Owner

skelsec commented Apr 30, 2023

Hello,
I have not yet encountered this issue myself. If you could share a minidump file with me that would help reproduce this issue, it might help solve the problem.
Another test case that you could perform is: can you try running the same command on the same dump file but on a PC? Or a Mac that is not using ARM? The reason I'm asking is that there has already been an issue submitted with the cryptography library on M1s which potentially (not likely, but who knows) could cause issues.

@RomanY467
Author

lsass.DMP.zip

> Hello,
> I have not yet encountered this issue myself. If you could share a minidump file with me that would help reproduce this issue, it might help solve the problem.
> Another test case that you could perform is: can you try running the same command on the same dump file but on a PC? Or a Mac that is not using ARM? The reason I'm asking is that there has already been an issue submitted with the cryptography library on M1s which potentially (not likely, but who knows) could cause issues.

I used this minidump and extracted credentials using Mimikatz without encountering any issues.

@skelsec
Owner

skelsec commented May 31, 2023

Thanks for the dump.
This is super-interesting! It seems that it's not a pypykatz but rather a minidump issue. No worries, I'm also the author of that one :)
Will come back soon with a solution.
Side note: Mimikatz uses Windows' built-in parser for minidump files, so obviously it doesn't have a problem with these.

@aparker4j

> Thanks for the dump. This is super-interesting! It seems that it's not a pypykatz but rather a minidump issue. No worries, I'm also the author of that one :) Will come back soon with a solution. Side note: Mimikatz uses Windows' built-in parser for minidump files, so obviously it doesn't have a problem with these.

I've also discovered this issue when utilizing pypykatz on my Kali Linux VM. It cooks for a few minutes with about 20% memory usage and then skyrockets to 100% and promptly crashes the VM. Have you discovered the cause of this or a means to work around this issue?
