Open
Description:
While digging into the database logic, I noticed that add_samhash and save_to_db don’t quite line up in how they handle SAM entries.
And so I got an error like
Verbose error:
How to fix
From what I observed:
- The `add_samhash` function expects `sam_entry` to be a SAM-formatted string (like `username:rid:lmhash:nthash:...`) that it will parse by itself.
- The `add_secret` expects `sam_entry` to be a Dict, as it does pass args like `sam_entry["username"]`.
So I decided to make use of the fact that add_samhash already parses the string: I made it return the resulting dict and used that dict directly in save_to_db.
Not sure if this is the “intended” design, but it works.
Functions changed
To fix it, I changed both functions as shown below.
In add_samhash()

```python
def add_samhash(self, samstring, computer):
    computer_id = self.get_computer(computer).id
    # Parse the SAM-formatted string once, here
    username, rid, lmhash, nthash, _, _, _ = samstring.split(":")
    sam_entry = {
        "rid": rid,
        "username": username,
        "lmhash": lmhash,
        "nthash": nthash,
        "computerid": computer_id,
    }
    [...]
    try:
        q = Insert(self.SamHashesTable)
        self.conn.execute(q, [sam_entry])
        donpapi_logger.debug(f"add_samhash(samstring={samstring}, computer={computer})")
    except Exception as e:
        donpapi_logger.debug(f"Issue while inserting SAM hash into db: {e}")
    # Return the parsed entry so the caller can reuse it
    return sam_entry
```

In save_to_db()

```python
for sam_str in self.items_found.values():
    # add_samhash now returns the parsed dict
    sam_entry = db.add_samhash(sam_str, hostname)
    db.add_secret(
        computer=hostname,
        collector="SAM",
        windows_user="SYSTEM",
        username=sam_entry["username"],
        password=sam_entry["nthash"],
        program="SAM",
    )
```

Summary:
This small change keeps save_to_db simple and consistent, while keeping all parsing logic inside add_samhash.
Happy to adjust if there’s a preferred pattern for how data should flow between those two functions.
PS: Thanks for the tool, it's great!
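
An added example, not DonPAPI's code and not part of the issue: one parser turns the `username:rid:lmhash:nthash:...` string into a dict that the caller consumes, and a malformed line is rejected with a reason instead of failing on the tuple unpack. `parse_sam_line`, `collect_secrets`, the "at least 4 fields" rule and the sample lines are assumptions made for this illustration.

```python
import re

HEX32 = re.compile(r"[0-9a-fA-F]{32}")

def parse_sam_line(samstring):
    """Parse 'username:rid:lmhash:nthash:...' into a dict (hypothetical helper)."""
    if not isinstance(samstring, str):
        raise TypeError(f"expected a SAM string, got {type(samstring).__name__}")
    fields = samstring.strip().split(":")
    # Assumption: only the first four fields matter; trailing ones are ignored.
    if len(fields) < 4:
        raise ValueError(f"expected at least 4 ':'-separated fields, got {len(fields)}")
    username, rid, lmhash, nthash = fields[:4]
    if not username:
        raise ValueError("empty username")
    if not (rid.isascii() and rid.isdigit()):
        raise ValueError(f"RID is not numeric: {rid!r}")
    for name, value in (("lmhash", lmhash), ("nthash", nthash)):
        if not HEX32.fullmatch(value):
            raise ValueError(f"{name} is not 32 hex characters")
    return {"username": username, "rid": rid,
            "lmhash": lmhash.lower(), "nthash": nthash.lower()}

def collect_secrets(items_found):
    """Mirror the save_to_db loop: parse each string once, then use the dict."""
    secrets, rejected = [], []
    for sam_str in items_found.values():
        try:
            entry = parse_sam_line(sam_str)
        except (TypeError, ValueError) as exc:
            rejected.append((sam_str, str(exc)))  # keep the reason for the log
            continue
        secrets.append({"collector": "SAM", "program": "SAM",
                        "username": entry["username"],
                        "password": entry["nthash"]})
    return secrets, rejected

# Constructed sample input (empty-password LM/NT hash values, not real data).
SAMPLE = {
    "ok": "Administrator:500:aad3b435b51404eeaad3b435b51404ee:"
          "31d6cfe0d16ae931b73c59d7e0c089c0:::",
    "truncated": "Guest:501:aad3b435b51404eeaad3b435b51404ee",
}

if __name__ == "__main__":
    good, bad = collect_secrets(SAMPLE)
    print(good)
    print(bad)
```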
