gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

tspkg: password is a sequence of bytes #238

Open llebout opened 5 years ago

llebout commented 5 years ago

Hello, I've been looking around but could not find an explanation for this.

tspkg credentials
=================

Username       Domain  Password
--------       ------  --------
Administrator  XXX    c8 a7 cb 40 3c c2 5f 3f 01 ec 7e 7f 10 55 e9 e7 ad 35 9d f8 09 34 10 9c 82 12 d4 24 91 1f 79 8c 2e ea fd b3 7c 9c ac 79 

Sometimes I get a sequence of bytes, sometimes I get the actual password; same permissions, same machine. Is that normal, and what does it mean?

Machine info:

Computer        : XXX
OS              : Windows 2008 R2 (6.1 Build 7601, Service Pack 1).
Architecture    : x64
System Language : fr_FR
Domain          : XXX
Logged On Users : 2
Meterpreter     : x64/windows

Mimikatz info:

meterpreter > kiwi_cmd version

mimikatz 2.1.1 (arch x64)
Windows NT 6.1 build 7601 (arch x64)
msvc 180031101 0

Thank you

gentilkiwi commented 5 years ago

It will be difficult for me if you don't test it with mimikatz. If you can't use it on the system, dump lsass.dmp and do it offline on your computer.

llebout commented 5 years ago

> It will be difficult for me if you don't test it with mimikatz. If you can't use it on the system, dump lsass.dmp and do it offline on your computer.

Note that the results are identical through Mimikatz or Metasploit's meterpreter.