w4rguy
commented
4 years ago You're invoking an old version of Mimikatz, which doesn't work on W10 systems.
Have a look into this fix by @mr64bit in the dev branch: https://github.com/EmpireProject/Empire/issues/1293
Empire Version
https://github.com/EmpireProject/Empire/blob/7a39a55f127b1aeb951b3d9d80c6dc64500cacb5/data/module_source/credentials/Invoke-Mimikatz.ps1
OS Information (Linux flavor, Python version)
Windows 10 64bit Powershell ISE Running as administrator
Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.
When I run this command as admin I get an error about LSA and no passwords are logged, only errors are logged. Invoke-Mimikatz -Command "privilege::debug sekurlsa::logonpasswords log"
Do I need to load a module? What module do I need? and what do I type to fix it please?
Screenshot of error, embedded text output, or Pastebin link to the error
`mimikatz> Invoke-Mimikatz -Command "privilege::debug sekurlsa::logonpasswords log" Hostname: MSI / S-1-5-21-3562789587-2356634857-3017622501
.#####. mimikatz 2.1.1 (x64) built on Aug 3 2018 17:05:14 - lil! .## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
/ \ ## /*** Benjamin DELPY
gentilkiwi( benjamin@gentilkiwi.com )\ / ## > http://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com ) '#####' > http://pingcastle.com / http://mysmartlogon.com ***/
mimikatz(powershell) # privilege::debug Privilege '20' OK
mimikatz(powershell) # sekurlsa::logonpasswords ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list
mimikatz(powershell) # log Using 'mimikatz.log' for logfile : OK`
Any additional information
I'm running as admin Ive also tried Invoke-Mimikatz -Command "privilege::debug sekurlsa::logonpasswords log sekurlsa.log" but the same error and name of the log file also does not change from mimikatz.log to sekurlsa.log and still no passwords are logged.