Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mimikatz on Windows 11 with/without Credential Guard #425

Open
omrirefaeli opened this issue Apr 27, 2023 · 5 comments
Open

Mimikatz on Windows 11 with/without Credential Guard #425

omrirefaeli opened this issue Apr 27, 2023 · 5 comments

Comments

@omrirefaeli
Copy link

omrirefaeli commented Apr 27, 2023
edited

Hey!

I looked at previous issues and couldn't find a definitive answer to these 2 questions:

  1. Does Mimikatz (Trunk) work on a machine with Credential Guard activated?
  2. Does Mimikatz work on a Windows 11 machine?

I tried both and couldn't get the sekurlsa::logonpasswords plugin to work. Was looking for an answer or should I keep trying?

Thanks!
@rakbladsvalsen
Copy link

mimikatz no longer works even on recent versions of IWindows 10.

@ebalo55
Copy link

ebalo55 commented Oct 20, 2023

This pull request #432 may be the fix we're all looking for.
I've tested the code from the above-linked pull request, apart from the required modification to the built environment in order to target W11, it works like a charm, tested in the latest W11 fully patched.

Compiling from sources requires Visual Studio, perfectly fine with the latest community 2022 release.
Required modification in order to compile from sources:

  • Install MSVC for your compiler version (mine was the latest)
  • Retarget the project to your compiler version
  • Disable treating warnings as errors

Then compile ONLY the "mimikatz" sub-project as the other are not needed and requires further compilation effort.

@BubbleMaker2089
Copy link

Unfortunately, even after PR#432 it does not return sha1.

@ebalo55
Copy link

ebalo55 commented Oct 23, 2023 via email

@BubbleMaker2089
Copy link

But it does NTLM (at the moment), as a red teamer that's even better Il lun 23 ott 2023, 16:22 BubbleMaker2089 @.> ha scritto:

Unfortunately, even after PR#432 it does not return sha1. — Reply to this email directly, view it on GitHub <#425 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ADAA3DAVGGAETYCAKWLYIO3YAZ4R5AVCNFSM6AAAAAAXN4KUFCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTONZVGMYTONZWHA . You are receiving this because you commented.Message ID: @.>

But is it possible to decrypt specific masterkey using NTLM hash retrieved from sekurlsa::logonpasswords? It does not work on both Win10 and Win11 the last time I checked.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ebalo55 @rakbladsvalsen @omrirefaeli @BubbleMaker2089