gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

W10 x64 1809 17763.1039 Win Defender off but cannot patch cng #269

Closed bezik46 closed 4 years ago

bezik46 commented 4 years ago

Only get: KO - ERROR kuhl_m_crypto_exportCert ; Export / CreateFile (0x8009000b)

Windows Defender service is stopped (using nsudo as TrustedInstaller)

Trying to export user certificate with NO exportable key

During tries I got it just once (and never again, with multiple reboots): mimikatz # crypto::cng "KeyIso" service patched

Each next time it failed to do so

but even when it patched (that once) it failed to export key. Anything to do with TPM possibly?

gentilkiwi commented 4 years ago

Without details about your commands and the output, it will be hard :)

bezik46 commented 4 years ago

crypto::cng ERROR kull_m_patch_genericProcessOrServiceFromBuild ; kull_m_patch (0x00000005)

Obviously I can not "remove" Defender, all I can do is to stop the service (unless you know something else)

gentilkiwi commented 4 years ago

The command line and the output of your command (to export)

bezik46 commented 4 years ago

Used this to stop Defender: https://pastebin.com/hLsCCZQY

```
mimikatz # crypto::cng
ERROR kull_m_patch_genericProcessOrServiceFromBuild ; OpenProcess (0x00000005)

mimikatz # crypto::certificates /store:my /export

mimikatz #
```

gentilkiwi commented 4 years ago

Use: privilege::debug before, like in https://github.com/gentilkiwi/mimikatz/wiki/module-~-crypto#cng

bezik46 commented 4 years ago

Nice, that with usage of the toggledefender.bat makes the .pfx export perfectly fine!