wadeiam
commented
2 years ago Did you ever find a solution to this? Seems like a lot of folks have the same problem, but no one has a solution.
Open confuseduser2 opened 3 years ago
wadeiam
commented
2 years ago Did you ever find a solution to this? Seems like a lot of folks have the same problem, but no one has a solution.
confuseduser2
commented
2 years ago Did you ever find a solution to this? Seems like a lot of folks have the same problem, but no one has a solution.
Oops didn't mean to close the issue. But yes I eventually figured out how to solve my problem. I did two things but I think only the first one is needed although I am not sure. First I disabled TMP 2.0 in the BIOS and secondly I downgraded to an earlier version of windows 10 and I was able to get the key with no issues.
bezik46
commented
2 years ago That was rather DRASTIC "solution"!
confuseduser2
commented
2 years ago That was rather DRASTIC "solution"!
Do you have a solution to the problem then? Be my guest.
hubert3
commented
2 years ago @confuseduser2 The error you get from crypto::cng means that patching was unsuccessful so export will not work after that. Check my fork of mimikatz which was updated to support crypto::cng patching on Windows build 20H2 / 19042.
Hello,
I tried exporting a cng key with these commands
privilege::debug crypto::cng crypto::certificates
after running crypto::cng I get this error: ERROR kull_m_patch_genericProcessOrServiceFromBuild ; kull_m_patch (0x00000000)
And after trying: crypto::certificates /export I get this error ERROR kull_m_crypto_exportPfx ; PFXExportCertStoreEx (0x8009000b)
These are my version details:
mimikatz # version /full
mimikatz 2.2.0 (arch x64) Windows NT 10.0 build 19042 (arch x64) msvc 150030729 207
lsasrv.dll : 10.0.19041.610 msv1_0.dll : 10.0.19041.610 tspkg.dll : 10.0.19041.264 wdigest.dll : 10.0.19041.388 kerberos.dll : 10.0.19041.630 dpapisrv.dll : 10.0.19041.546 cryptdll.dll : 10.0.19041.546 samsrv.dll : 10.0.19041.630 rsaenh.dll : 10.0.19041.546 ncrypt.dll : 10.0.19041.546 ncryptprov.dll : 10.0.19041.546 wevtsvc.dll : 10.0.19041.388 termsrv.dll : 10.0.19041.84
To my knowledge Windows Defender should be disabled because the program was able to run in the first place when it wasn't able to till I changed the local group policy editor to disable windows defender. Any help would be appreciated!