gentilkiwi
commented
5 years ago Is the 2012 R2 fully up to date ?
Do not hesitate to post resul/file of version /full /cab
Open rajivvss opened 5 years ago
gentilkiwi
commented
5 years ago Is the 2012 R2 fully up to date ?
Do not hesitate to post resul/file of version /full /cab
Raikia
commented
5 years ago Same issue
LaZyDK
commented
4 years ago mimikatz # privilege::debug Privilege '20' OK
mimikatz # sekurlsa::logonpasswords ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations
mimikatz # version /full /cab
mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 18363 (arch x64) msvc 150030729 207
lsasrv.dll : 10.0.18362.387 msv1_0.dll : 10.0.18362.476 tspkg.dll : 10.0.18362.1 wdigest.dll : 10.0.18362.175 kerberos.dll : 10.0.18362.387 dpapisrv.dll : 10.0.18362.387 cryptdll.dll : 10.0.18362.113 samsrv.dll : 10.0.18362.267 rsaenh.dll : 10.0.18362.1 ncrypt.dll : 10.0.18362.1 ncryptprov.dll : 10.0.18362.295 wevtsvc.dll : 10.0.18362.329 termsrv.dll : 10.0.18362.267
CAB: mimikatz_x64_sysfiles_18363 -> lsasrv.dll -> msv1_0.dll -> tspkg.dll -> wdigest.dll -> kerberos.dll -> dpapisrv.dll -> cryptdll.dll -> samsrv.dll -> rsaenh.dll -> ncrypt.dll -> ncryptprov.dll -> wevtsvc.dll -> termsrv.dll
NAs3c
commented
4 years ago Hi there,
Encountered the same issue last week with the same mimikatz/win dlls/cabs version as LaZyDK :
Just adding that I thought it could be related to lsass.exe protection for not-UID500-users so I tried running the mimidrv but still the same problem arose :
sho-luv
commented
4 years ago Anybody figure out a workaround? I even tried to load the dump in WinDbg with minilib.dll and I was still not able to dump the information...
Using 'mimikatz.log' for logfile : OK
mimikatz # version /full /cab
mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 18362 (arch x64) msvc 150030729 207
lsasrv.dll : 10.0.18362.657 msv1_0.dll : 10.0.18362.476 tspkg.dll : 10.0.18362.1 wdigest.dll : 10.0.18362.175 kerberos.dll : 10.0.18362.752 dpapisrv.dll : 10.0.18362.387 cryptdll.dll : 10.0.18362.113 samsrv.dll : 10.0.18362.752 rsaenh.dll : 10.0.18362.1 ncrypt.dll : 10.0.18362.1 ncryptprov.dll : 10.0.18362.295 wevtsvc.dll : 10.0.18362.752 termsrv.dll : 10.0.18362.657
CAB: mimikatz_x64_sysfiles_18362 -> lsasrv.dll -> msv1_0.dll -> tspkg.dll -> wdigest.dll -> kerberos.dll -> dpapisrv.dll -> cryptdll.dll -> samsrv.dll -> rsaenh.dll -> ncrypt.dll -> ncryptprov.dll -> wevtsvc.dll -> termsrv.dll
mimikatz #
vvl-code
commented
3 years ago mimikatz # privilege::debug Privilege '20' OK
mimikatz # sekurlsa::credman ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations
mimikatz # sekurlsa::logonpasswords ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations
mimikatz # version /full /cab
mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 19042 (arch x64) msvc 150030729 207
SecureKernel is running Credential Guard may be running
lsasrv.dll : 10.0.19041.610 msv1_0.dll : 10.0.19041.610 tspkg.dll : 10.0.19041.264 wdigest.dll : 10.0.19041.388 kerberos.dll : 10.0.19041.630 dpapisrv.dll : 10.0.19041.546 cryptdll.dll : 10.0.19041.546 samsrv.dll : 10.0.19041.662 rsaenh.dll : 10.0.19041.546 ncrypt.dll : 10.0.19041.662 ncryptprov.dll : 10.0.19041.662 wevtsvc.dll : 10.0.19041.662 termsrv.dll : 10.0.19041.662
CAB: mimikatz_x64_sysfiles_19042 -> lsasrv.dll -> msv1_0.dll -> tspkg.dll -> wdigest.dll -> kerberos.dll -> dpapisrv.dll -> cryptdll.dll -> samsrv.dll -> rsaenh.dll -> ncrypt.dll -> ncryptprov.dll -> wevtsvc.dll -> termsrv.dll
mimikatz #
valydumitru01
commented
2 years ago mimikatz # sekurlsa::credman ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations
mimikatz # sekurlsa::logonpasswords ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations
mimikatz # privilege::debug Privilege '20' OK
mimikatz # version /full /cab
mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 19044 (arch x64) msvc 150030729 207
lsasrv.dll : 10.0.19041.1620 msv1_0.dll : 10.0.19041.1469 tspkg.dll : 10.0.19041.1466 wdigest.dll : 10.0.19041.388 kerberos.dll : 10.0.19041.1645 dpapisrv.dll : 10.0.19041.1566 cryptdll.dll : 10.0.19041.546 samsrv.dll : 10.0.19041.1566 rsaenh.dll : 10.0.19041.1052 ncrypt.dll : 10.0.19041.662 ncryptprov.dll : 10.0.19041.1620 wevtsvc.dll : 10.0.19041.1566 termsrv.dll : 10.0.19041.1620
CAB: mimikatz_x64_sysfiles_19044 -> lsasrv.dll -> msv1_0.dll -> tspkg.dll -> wdigest.dll -> kerberos.dll -> dpapisrv.dll -> cryptdll.dll -> samsrv.dll -> rsaenh.dll -> ncrypt.dll -> ncryptprov.dll -> wevtsvc.dll -> termsrv.dll
Kindly suggest. server 2012 R2 Builed 9600
error code ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations