gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

cloudap support for versions > 1909 #400

Closed dmb2168 closed 2 years ago

dmb2168 commented 2 years ago

Windows builds > 1909 use a slightly different memory structure for KIWI_CLOUDAP_LOGON_LIST_ENTRY. Updated header file to include this new structure.

Wrapped the sekurlsa cloudap logic around an if statement that uses the new structure if the reported build is > 1909. I'm not sure if this is the logic you prefer or if there is a more elegant way to toggle which struct to use based on build number, my C is rusty :). I've also not tested on 32-bit OSes.

dirkjanm commented 2 years ago

Works great on my test hosts, thanks for this fix!

gentilkiwi commented 2 years ago

If @dirkjanm validates the result, who am I to refuse the merge?