Open iptwLcP9 opened 6 years ago
Hello :)
Strange, it may indicate that I did not correctly find a variable.
Could you send output of:
version /full
and better:
version /cab
(only binaries inside)
Hi, thanks for the reply.
Here's the cabinet file and the command output:
C:\Documents and Settings\Administrator\Desktop\mimikatz_trunk\Win32>mimikatz.exe
.#####. mimikatz 2.1.1 (x86) built on Aug 20 2018 01:53:40
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo) ** Kitten Edition **
## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
## \ / ## > http://blog.gentilkiwi.com/mimikatz
'## v ##' Vincent LE TOUX ( vincent.letoux@gmail.com )
'#####' > http://pingcastle.com / http://mysmartlogon.com ***/
mimikatz # version /full
mimikatz 2.1.1 (arch x86)
Windows NT 5.2 build 3790 (arch x86)
msvc 150030729 207
lsasrv.dll : 5.2.3790.3959
msv1_0.dll : 5.2.3790.3959
wdigest.dll : 5.2.3790.3959
kerberos.dll : 5.2.3790.3959
kdcsvc.dll : 5.2.3790.3959
cryptdll.dll : 5.2.3790.3959
samsrv.dll : 5.2.3790.3959
rsaenh.dll : 5.2.3790.3959
eventlog.dll : 5.2.3790.3959
termsrv.dll : 5.2.3790.3959
mimikatz #
I get an ACCESS_VIOLATION error when trying to dump credentials using the sekurlsa module.
Version where the issue was found
Steps to reproduce
Administrator privileges
mimikatz
debug privilege
Additional comments
Debugging mimikatz we can see that the issue is in the kuhl_m_sekurlsa_nt5_init function, when trying to write the g_cbRandomKey global variable.