gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

ERROR kuhl_m_lsadump_changentlm_callback #201

Closed johnjohnsp1 closed 5 years ago

johnjohnsp1 commented 5 years ago

Hello Benjamin, with the latest build of mimikatz:

mimikatz # version

mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 14393 (arch x64) msvc 191627030 1

mimikatz # version /full

mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 14393 (arch x64) msvc 191627030 1

lsasrv.dll : 10.0.14393.2828
msv1_0.dll : 10.0.14393.2879
tspkg.dll : 10.0.14393.2273
wdigest.dll : 10.0.14393.0
kerberos.dll : 10.0.14393.2724
dpapisrv.dll : 10.0.14393.1358
kdcsvc.dll : 10.0.14393.2580
cryptdll.dll : 10.0.14393.0
lsadb.dll : 10.0.14393.0
samsrv.dll : 10.0.14393.2724
rsaenh.dll : 10.0.14393.2457
ncrypt.dll : 10.0.14393.2457
ncryptprov.dll : 10.0.14393.2363
wevtsvc.dll : 10.0.14393.2608
termsrv.dll : 10.0.14393.2906

I still have a problem with:

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # lsadump::changentlm /server:dchome.home.local /user:maestro /oldpassword:Zaq12wsx! /newpassword:i
OLD NTLM : 2a7edf764ebb67ab38f58ab12a1cee50
NEW NTLM : f9e76a20a4ad2e31e26f0f2f3926bd48

Target server: dchome.home.local
Target user : maestro
Domain name : HOME
Domain SID : S-1-5-21-3037765257-852608323-3757036468
User RID : 1605
ERROR kuhl_m_lsadump_changentlm_callback ; Bad new NTLM hash or password! (restriction)

I have a couple of questions:
- Is it possible I am doing something wrong? (I have seen and followed the same steps you did in the video posted.)
- Does lsadump::changentlm work only within a domain environment, or can it also be used locally?

Thanks

johnjohnsp1 commented 5 years ago

As another try I also did:

mimikatz # lsadump::changentlm /server:dchome.home.local /rid:1605 /oldpassword:Zaq12wsx! /newpassword:waza1234/
OLD NTLM : 2a7edf764ebb67ab38f58ab12a1cee50
NEW NTLM : cc36cf7a8514893efccd332446158b1a

Target server: dchome.home.local
Target RID : 1605
Domain name : HOME
Domain SID : S-1-5-21-3037765257-852608323-3757036468
User RID : 1605
ERROR kuhl_m_lsadump_changentlm_callback ; Bad new NTLM hash or password! (restriction)

But sadly, same error :(

gentilkiwi commented 5 years ago

By default on a Windows domain, a user cannot change its password more than 1x/day (despite the method).

johnjohnsp1 commented 5 years ago

Thanks for the reply. I suppose lsadump::setntlm works differently and can be used more than 1/day, since that is working :) ?

On 16 Apr 2019, at 20:20, Benjamin DELPY notifications@github.com wrote:

By default on a Windows domain, a user cannot change its password more than 1x/day (despite the method).


gentilkiwi commented 5 years ago

Exactly, setntlm is for operators/administrators resetting passwords of users. (It does not make the same event.)
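
Added example, not part of the original thread and not mimikatz code: the minimum password age rule described in the two replies above, computed from the AD attributes pwdLastSet (user) and minPwdAge (domain). The function names and the sample timestamps are constructed for this illustration.

```python
from datetime import datetime, timedelta, timezone

# FILETIME counts 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Default domain minimum password age: 1 day, stored as a negative interval.
DEFAULT_MIN_PWD_AGE = -864_000_000_000


def filetime_to_datetime(ticks):
    """Absolute FILETIME (e.g. pwdLastSet) -> timezone-aware datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Timezone-aware datetime -> FILETIME ticks (used to build sample input)."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def user_change_allowed(pwd_last_set, min_pwd_age, now):
    """Return (allowed, earliest) for a user-initiated password change.

    pwd_last_set: user attribute pwdLastSet; 0 means "must change at next logon".
    min_pwd_age:  domain attribute minPwdAge; negative ticks, 0 disables the rule.
    An administrative reset is not subject to this check.
    """
    if pwd_last_set == 0 or min_pwd_age == 0:
        return True, None
    earliest = filetime_to_datetime(pwd_last_set) + timedelta(
        microseconds=abs(min_pwd_age) // 10)
    return now >= earliest, earliest


if __name__ == "__main__":
    # Constructed sample: password last set on the morning of the attempts.
    last_set = datetime_to_filetime(datetime(2019, 4, 16, 9, 0, tzinfo=timezone.utc))
    for attempt in (datetime(2019, 4, 16, 20, 20, tzinfo=timezone.utc),
                    datetime(2019, 4, 17, 9, 0, tzinfo=timezone.utc)):
        allowed, earliest = user_change_allowed(last_set, DEFAULT_MIN_PWD_AGE, attempt)
        print(attempt.isoformat(), "allowed" if allowed else f"blocked until {earliest.isoformat()}")
```

On a real domain, the effective minimum age can be read with `Get-ADDefaultDomainPasswordPolicy` (property `MinPasswordAge`) or `net accounts /domain`.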

johnjohnsp1 commented 5 years ago

Thanks Benjamin for the fast reply. I just don't understand why even on the first try I got the error. Anyway, will retry later... it's just a testing environment, it's just to figure out it works.

Regards, Luca

On 16 Apr 2019, at 21:17, Benjamin DELPY notifications@github.com wrote:

Exactly, setntlm is for operators/administrators resetting passwords of users. (It does not make the same event.)


NoPurposeInLife commented 5 years ago

Facing the same problem; is there any help on this? The target Windows is Windows Server 2016.