gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

Password on WIN10 - how to flush credentials in memory #216

Closed flyer-machine closed 5 years ago

flyer-machine commented 5 years ago

Hi, retrieving the password on a current Win10 system works fine after changing the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential to '1'. But the system has to be rebooted or the user has to log off and log on again to make mimikatz work correctly. However, if the system is not rebooted or the user does not log off and on again, the retrieved password is still null after changing HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential to 1.

Is there a possibility to flush the credentials into memory without rebooting? Is there a command to do this manually?

Thank you very much for a hint.

Regards, Thomas

gentilkiwi commented 5 years ago

Just lock/unlock

flyer-machine commented 5 years ago

Thank you for your quick reply. After locking the system (e.g. WIN+L) and unlocking the system it works all right. But the user has to enter his/her credentials again. What I was looking for was a way to avoid this, so that the user does not have to enter credentials again. Thank you, anyway.

gentilkiwi commented 5 years ago

As it's not stored somewhere in memory, this is not an option: it must be entered again :')

moaeddy commented 5 years ago

This does not exist in my registry (Win10 x64):

UseLogonCredential

So how am I able to bring up the (null) password?

flyer-machine commented 5 years ago

> This does not exist in my registry (Win10 x64):
>
> UseLogonCredential
>
> So how am I able to bring up the (null) password?

Hello moaeddy,

if it's not there you can create it. It is described here: https://www.praetorian.com/blog/mitigating-mimikatz-wdigest-cleartext-credential-theft

moaeddy commented 5 years ago

After creating it and rebooting, I'm still having the same issue. Is there no way around this for Win10?

zeze-zeze commented 3 years ago

@moaeddy Did you find the answer?
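
A detection-side view of the behaviour discussed in this thread, as an added example that is not part of the original discussion or of mimikatz: it flags a registry write that sets WDigest `UseLogonCredential` to 1 and then reports only the logons or unlocks that happen afterwards on that host, since per the thread the password is not in memory until it is entered again. The event dictionaries and their field names are assumptions modelled on Sysmon Event ID 13 and Security Event ID 4624, and the sample events are constructed.

```python
import re

# Constructed sample events (not taken from the thread). Field names are
# hypothetical; values mirror Sysmon Event ID 13 (registry value set) and
# Security Event ID 4624 (successful logon).
KEY = r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential"
EVENTS = [
    {"time": 100, "host": "WS01", "id": 4624, "logon_type": 2, "user": "alice"},
    {"time": 200, "host": "WS01", "id": 13, "target": KEY, "details": "DWORD (0x00000001)"},
    {"time": 260, "host": "WS01", "id": 4624, "logon_type": 3, "user": "svc"},
    {"time": 300, "host": "WS01", "id": 4624, "logon_type": 7, "user": "alice"},
    {"time": 400, "host": "WS02", "id": 13, "target": KEY, "details": "DWORD (0x00000000)"},
    {"time": 500, "host": "WS02", "id": 4624, "logon_type": 7, "user": "bob"},
]

WDIGEST = re.compile(r"\\SecurityProviders\\WDigest\\UseLogonCredential$", re.I)
# Logon types matching the thread: 2 = interactive log on, 7 = unlock.
# Other logon types are deliberately left out of this example.
PASSWORD_ENTRY_TYPES = {2, 7}


def dword(details):
    """Parse a Sysmon-style 'DWORD (0x00000001)' string into an int."""
    m = re.search(r"0x([0-9a-fA-F]+)", details)
    return int(m.group(1), 16) if m else None


def exposed_logons(events):
    """Return (host, user, logon_type, time) for password entries that occur
    while UseLogonCredential is set to 1 on that host."""
    enabled = {}   # host -> time the value was set to 1
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == 13 and WDIGEST.search(ev["target"]):
            if dword(ev["details"]) == 1:
                enabled[ev["host"]] = ev["time"]
            else:
                enabled.pop(ev["host"], None)   # set back to 0: stop flagging
        elif ev["id"] == 4624 and ev["logon_type"] in PASSWORD_ENTRY_TYPES:
            if ev["host"] in enabled:
                findings.append((ev["host"], ev["user"], ev["logon_type"], ev["time"]))
    return findings


if __name__ == "__main__":
    for finding in exposed_logons(EVENTS):
        print("cleartext WDigest exposure:", finding)
```

The logon at time 100 is not reported because it predates the registry change, which matches the "(null)" result described at the top of the thread.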