gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

ERROR kuhl_m_lsadump_getHash ; Unknow SAM_HASH revision (23072) #165

Closed 0xF81 closed 4 years ago

0xF81 commented 6 years ago

I have a problem dumping hashes from the SAM and SYSTEM files: when I use the lsadump::sam command, it shows me the error above. Any solution? Thanks

gentilkiwi commented 6 years ago

Never seen this kind of error. Can you send:

version /full /cab

And a backup of the registry files, as Admin (even privately if not a test machine):

reg save HKLM\SYSTEM SystemBkup.hiv
reg save HKLM\SAM SamBkup.hiv
reg save HKLM\SECURITY SecBkup.hiv

0xF81 commented 6 years ago

Here:

mimikatz 2.1.1 (arch x64)
Windows NT 10.0 build 16299 (arch x64)
msvc 150030729 207

lsasrv.dll : 10.0.16299.125
msv1_0.dll : 10.0.16299.19
tspkg.dll : 10.0.16299.15
wdigest.dll : 10.0.16299.15
kerberos.dll : 10.0.16299.15
dpapisrv.dll : 10.0.16299.15
cryptdll.dll : 10.0.16299.15
samsrv.dll : 10.0.16299.98
rsaenh.dll : 10.0.16299.15
ncrypt.dll : 10.0.16299.15
ncryptprov.dll : 10.0.16299.15
wevtsvc.dll : 10.0.16299.15
termsrv.dll : 10.0.16299.15

CAB: mimikatz_x64_sysfiles_16299
-> lsasrv.dll
-> msv1_0.dll
-> tspkg.dll
-> wdigest.dll
-> kerberos.dll
-> dpapisrv.dll
-> cryptdll.dll
-> samsrv.dll
-> rsaenh.dll
-> ncrypt.dll
-> ncryptprov.dll
-> wevtsvc.dll
-> termsrv.dll

And I cannot give you these files for 2 reasons:

  1. I don't have the SECURITY file because I stole these files from one computer a few months ago and now I do not have access to it
  2. These files store one password that is very important to me and no one should know about it.

I read something about an update for win7 that makes every dumping program (I tried ophcrack) show that every user has an empty password (but that's not true of course). So I think dumping hashes from these files is a little more difficult, but what's interesting is that mimikatz found one hash for the user who is the main administrator. I'll include a screenshot here:

https://s5.postimg.cc/mli6luevr/mimi.png

As you can see, mimikatz found one hash for Administrator but couldn't find the hash for the J11 user; it shows me that error. Can you help?

0xF81 commented 6 years ago

Please help! I really need the hash from this user and no other program than mimikatz can dump hashes after the win7 security update!

0xF81 commented 6 years ago

Anyone here? Please, I'm still waiting for help :/