erwan2212 / NTHASH-FPC


Some commands failed ... #3

Closed Papotito123 closed 4 years ago

Papotito123 commented 4 years ago

Hello: Windows 10 1809 x64. OS Build 17763.1098. wdigest is Enabled. Avast AV is turned OFF. Testing your tool I encountered some issues.

C:\Users\TESTACCOUNT\Downloads\NTHASH-FPC\NTHASH-FPC-master\NTHASH-FPC-master\NTHASH>NTHASH-win64.exe /wdigest /system
Access is denied.

C:\Users\TESTACCOUNT\Downloads\NTHASH-FPC\NTHASH-FPC-master\NTHASH-FPC-master\NTHASH>NTHASH-win32.exe /wdigest /system
NTHASH 1.8 x32 by erwan2212@gmail.com
impersonatepid NOT OK
findlsakeys failed

C:\Users\TESTACCOUNT\Downloads\NTHASH-FPC\NTHASH-FPC-master\NTHASH-FPC-master\NTHASH>NTHASH-win64.exe /getlsakeys /system
Access is denied.

C:\Users\TESTACCOUNT\Downloads\NTHASH-FPC\NTHASH-FPC-master\NTHASH-FPC-master\NTHASH>NTHASH-win32.exe /getlsakeys /system
NTHASH 1.8 x32 by erwan2212@gmail.com
impersonatepid NOT OK

Before throwing these errors, there's a blue message: This app can't run in your PC. To find a version for your PC, check with the software publisher.

Thanks for your support.

erwan2212 commented 4 years ago

You need to run the app as administrator.

Execute NTHASH-win64 /context and report here the output.

Papotito123 commented 4 years ago

Hello: I did what you asked and this is the result:

C:\Users\TESTACCOUNT\Downloads\NTHASH-FPC\NTHASH-FPC-master\NTHASH-FPC-master\NTHASH>NTHASH-win64.exe /context
Access is denied.

And also there's the blue message: This app can't run in your PC. To find a version for your PC, check with the software publisher.

All my user accounts are Administrator.

I verified via netplwiz and TESTACCOUNT is in the Administrators group.

So I re-downloaded and extracted again.

This time NTHASH-win64.exe /context ran well:

C:\Users\TESTACCOUNT\Downloads\NTHASH-FPC\NTHASH-FPC-master\NTHASH-FPC-master\NTHASH>NTHASH-win64.exe /context
NTHASH 1.8 x64 by erwan2212@gmail.com
Windows Version:10.0.17763-1809
Architecture:AMD64
Username:TESTACCOUNT
IsAdministratorAccount:True
IsElevated:True
DebugPrivilege:True
LSASS PID:836

And I got some other commands to run well (/getusers, /dumpsam /system, /getsamkey /system, NTHASH-win64.exe /getsyskey /system, /wdigest /system and some others). Then all of a sudden, all commands I ran got the blue message: This app can't run in your PC. To find a version for your PC, check with the software publisher.

I tested with Avast (all shields) Disabled and with Avast Enabled and always got the blue message with any command.

It is a bit confusing. With Avast Disabled I ran lazagne and mimikatz and they did well.

Thanks for any idea.

Papotito123 commented 4 years ago

Hello: I don't understand why I have to re-download NTHASH.zip to get it to work without the (This app can't run in your PC. To find a version for your PC, check with the software publisher) error.

But I deal with it.

Thanks.

erwan2212 commented 4 years ago

> Hello: I don't understand why I have to re-download NTHASH.zip to get it to work without the (This app can't run in your PC. To find a version for your PC, check with the software publisher) error.
>
> But I deal with it.
>
> Thanks.

Looks like you have an AV either stripping off the file or blacklisting it after you have run a few commands? Which would not be a surprise since nthash clearly does things that most AV or EDR will dislike.