Having a buggy issue with mimikatz alpha 2.0 x64 and Windows 8.1 enterprise.
When using either procdump with sekurlsa::minidump… or mimikatz alone to pull lsass.exe… I do not get any passwords from a Windows 8.1 x64 system that has just been logged into. No errors, just « password: (null) » everywhere I would expect a password.
If I lock the system, and unlock using a password… then run procdump or mimikatz again… I DO get a correct password.
It seems the first logon password is not stored in lsass process memory, or not at the offset that mimikatz is looking. But subsequent credential input is properly retrieved (such as lock and unlock).
In Windows 7 x64… works perfectly. Can pull passwords from very first logon.