From 70b76ffef33bb03251a2f80bbb6c6882c39b5f8c Mon Sep 17 00:00:00 2001
From: Ashley Donaldson
Date: Wed, 20 Nov 2024 07:31:21 +1100
Subject: [PATCH] Fix failure in secrets dump edge case
---
 modules/auxiliary/gather/windows_secrets_dump.rb | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/modules/auxiliary/gather/windows_secrets_dump.rb b/modules/auxiliary/gather/windows_secrets_dump.rb
index 940b1f4ebe9e..5012bc2789ca 100644
--- a/modules/auxiliary/gather/windows_secrets_dump.rb
+++ b/modules/auxiliary/gather/windows_secrets_dump.rb
@@ -720,7 +720,13 @@ def decrypt_supplemental_info(dcerpc_client, result, attribute_value)
 result[:kerberos_keys] = []
 result[:clear_text_passwords] = {}
 plain_text = dcerpc_client.decrypt_attribute_value(attribute_value)
- user_properties = RubySMB::Dcerpc::Samr::UserProperties.read(plain_text)
+ begin
+ user_properties = RubySMB::Dcerpc::Samr::UserProperties.read(plain_text)
+ rescue IOError
+ # May be no kerberos keys e.g. due to password reset
+ vprint_warning('Unable to read supplemental credentials')
+ return
+ end
 user_properties.user_properties.each do |user_property|
 case user_property.property_name.encode('utf-8')
 when 'Primary:Kerberos-Newer-Keys'
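Review bot: The new `rescue IOError` in decrypt_supplemental_info discards the exception, so an attribute that is legitimately empty after a password reset is reported the same way as one that is truncated or came back from `decrypt_attribute_value` as unusable data. Binding the exception and including its message, `rescue IOError => e` with `vprint_warning("Unable to read supplemental credentials: #{e.message}")`, would let someone reading the output tell those cases apart. The inline comment could also say that the early `return` leaves `result[:kerberos_keys]` and `result[:clear_text_passwords]` at the empty values assigned just above, since callers presumably depend on that. The method body continues past the end of this hunk, so how the caller treats the nil return is not visible here.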