Par : TEKNOLOJİ : Bellekten Parolaların Elde Edilmesi – 2 | YÜKSEK STRATEJİ
[…] http://blog.gentilkiwi.com/mimikatz […]
View ArticlePar : alex
Excellent l’information pour le hash SHA1 DPAPI! Reste encore la question comment il est généré depuis Windows Vista, vu que ce n’est plus « simplement » SHA1(UNICODE(mot de passe))?
View ArticlePar : gentilkiwi
Ce qui est utilisé pour la dérivation reste le SHA1 du mot de passe. Tu peux le vérifier via <code>FMyPrimitiveSHA</code>, <code>GetBCryptProviderHandle(0x8004u, 0, 0)</code> et...
View ArticlePar : alex
Merci pour ces précisions, je vais regarder cela, ainsi que l’option sekurlsa::dpapi de plus près dès que j’en ai le temps ;-)
View ArticlePar : Using CVE 2013-5065 | s0ze.com
[…] Mimikatz: http://blog.gentilkiwi.com/mimikatz […]
View ArticlePar : Alberto
(sorry I write in English, mon français n’est pas très bon) I’ve seen that Windows 8.1 is supported in alpha 2.0 version. However, clear password dump is not available anymore. Is because of a new...
View ArticlePar : gentilkiwi
mimikatz dumps password when they’re in memory, when they’re not…. ;) Windows 8.1 does not keep passwords in memory as usual. Only LiveSSP as I’ve seen (or when you enable Credentials Delegations)
View ArticlePar : gentilkiwi
mimikatz dumps password when they’re in memory, when they’re not…. ;) Windows 8.1 does not keep passwords in memory as usual. Only LiveSSP as I’ve seen (or when you enable Credentials Delegations)
View ArticlePar : Joe V
Having a buggy issue with mimikatz alpha 2.0 x64 and Windows 8.1 enterprise. When using either procdump with sekurlsa::minidump… or mimikatz alone to pull lsass.exe… I do not get any passwords from a...
View ArticlePar : gentilkiwi
As you’ve seen, this is not a mimikatz issue ; Windows 8.1 does not store « by default » passwords in memory (see previous comment) Like in NT5 with Kerberos provider, some passwords fields are...
View ArticlePar : Derek M
I am using the new version. I try to export a certificate from the computer store, but cannot figure out how to change the store. Is there a way to do this? Thank you for the tool, -D mimikatz #...
View ArticlePar : gentilkiwi
you can use <code>/systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE</code> by example (and <code>/export</code> to export ;))
View ArticlePar : Michel
Has something changed with the new version? It used to work on my Win7 Enterprise 64bit, but suddenly not anymore. (running the 64bit version). It looks like the password is still hashed / encrypted.....
View ArticlePar : gentilkiwi
Hi Michel, Services passwords, computers passwords, and some others are not necessary « human readable ». Nobody type them ! so in some cases Windows generates random « binary » passwords ! In your...
View ArticlePar : Michel
Hello again! Thanks so much for the quick reply! This still leaves me with a couple of questions though: 1) I thought Mimikatz would look for the password stored in memory, which is supposed to be...
View ArticlePar : Michel
Mes excuses! J’ai vu que je peux encore retrouver le mot de passe avec la nouvelle version MK :) Vous pouvez supprimer mes deux commentaires si vous voulez. Merci de nouveau et bàt, Michel.
View ArticlePar : HackLab
[…] @thorsheim forwared question to @gentilkiwi, the dude behind mimikatz. A very short while after he had implemented this cool password extraction method in mimikatz. […]
View ArticlePar : Nono
Rançon de la gloire ? Symantec parle de « toi » : http://shaarli.m0le.net/?RRlrHQ :)
View Article