From 32e95b4f93d0add586660e1855a3cd3adf3146df Mon Sep 17 00:00:00 2001
From: sixdub <justin@sixdub.net>
Date: Mon, 24 Aug 2015 18:42:32 -0400
Subject: [PATCH] Fixed credential parsing bug

---
 changelog             | 1 +
 lib/common/helpers.py | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/changelog b/changelog
index 55c1ede..13f190a 100644
--- a/changelog
+++ b/changelog
@@ -5,6 +5,7 @@
 -Added /sids argument for credentials/mimikatz/golden_ticket
 -Added credential parsing for dcsync output
 -updated links for PowerTools
+-Fixed bug in credential parsing with ":" inside of the password,username, or domain
 
 8/20/2015
 ---------
diff --git a/lib/common/helpers.py b/lib/common/helpers.py
index 8635d08..ce906c6 100644
--- a/lib/common/helpers.py
+++ b/lib/common/helpers.py
@@ -244,11 +244,12 @@ def parse_mimikatz(data):
             for line in lines2:
                 try:
                     if "Username" in line:
-                        username = line.split(":")[1].strip()
+                        username = line.split(":",1)[1].strip()
                     elif "Domain" in line:
-                        domain = line.split(":")[1].strip()
+                        domain = line.split(":",1)[1].strip()
                     elif "NTLM" in line or "Password" in line:
-                        password = line.split(":")[1].strip()
+                        print line.split(":")
+                        password = line.split(":",1)[1].strip()
                 except:
                     pass