gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz
Can't decrypt a Masterkey #302

Closed juppia closed 4 years ago

juppia commented 4 years ago

Hello. I have a problem with decrypting a masterkey. A masterkey was created with a user account that doesn't have a password. So I can't decrypt it because it wasn't encrypted with a password. I tried to get the user hash:

RID  : 000003eb (1003)
User : foo
Hash NTLM: 31d6cfe0d16ae931b73c59d7e0c089c0

Then I tried to decrypt the masterkey:

dpapi::masterkey /in:path-to-masterkey /sid:usersid /hash:31d6cfe0d16ae931b73c59d7e0c089c0

and I get this error:

ERROR kuhl_m_dpapi_masterkey ; kull_m_dpapi_unprotect_masterkey_with_userHash

I also tried with the /protected flag, but also nothing. I don't know what password/hash/something else I need to use to decrypt this masterkey.

juppia commented 4 years ago

I decrypted the masterkey using the blank SHA1 hash da39a3ee5e6b4b0d3255bfef95601890afd80709. Closed.
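
Added example, not part of the original thread and not mimikatz code: a small check that classifies a digest by length, flags the two blank-password constants quoted above, and shows that the NTLM and SHA1 digests give different DPAPI pre-keys. It assumes the commonly documented behaviour that local accounts key DPAPI on SHA1 of the UTF-16LE password and that the pre-key is HMAC-SHA1(digest, UTF-16LE(SID + NUL)); the SID and function names are constructed for illustration.

```python
import hashlib
import hmac

# Digests of the empty password; both values are quoted in the thread above.
BLANK_NTLM = "31d6cfe0d16ae931b73c59d7e0c089c0"          # MD4 over empty UTF-16LE
BLANK_SHA1 = "da39a3ee5e6b4b0d3255bfef95601890afd80709"  # SHA1 over empty input

# Constructed sample SID (RID 1003 as in the thread; the rest is made up).
SAMPLE_SID = "S-1-5-21-1111111111-2222222222-3333333333-1003"


def classify_hash(hex_digest):
    """Return (kind, is_blank_password) for a hex digest, judged by its length."""
    h = hex_digest.strip().lower()
    bytes.fromhex(h)  # raises ValueError on non-hex input
    if len(h) == 32:
        return "NTLM", h == BLANK_NTLM
    if len(h) == 40:
        return "SHA1", h == BLANK_SHA1
    raise ValueError("expected 32 (NTLM) or 40 (SHA1) hex characters")


def sha1_of_password(password):
    """SHA1 over the UTF-16LE password (assumed form for local accounts)."""
    return hashlib.sha1(password.encode("utf-16-le")).hexdigest()


def dpapi_prekey(hex_digest, sid):
    """Assumed pre-key step: HMAC-SHA1 keyed with the digest over SID + NUL."""
    msg = (sid + "\0").encode("utf-16-le")
    return hmac.new(bytes.fromhex(hex_digest), msg, hashlib.sha1).hexdigest()


def explain(hex_digest, sid):
    """Summarise a digest: its kind, blank-password flag, and resulting pre-key."""
    kind, blank = classify_hash(hex_digest)
    return {
        "kind": kind,
        "blank_password": blank,
        "fits_local_account": kind == "SHA1",  # assumption stated in the lead-in
        "prekey": dpapi_prekey(hex_digest, sid),
    }


if __name__ == "__main__":
    for digest in (BLANK_NTLM, BLANK_SHA1):
        print(explain(digest, SAMPLE_SID))
```

A `blank_password` result of `True` is also a quick audit signal that an account has no password set.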