gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz

Added Windows 11's Structure offset and updated key+IV offset for decryption #432

Closed SLiNv closed 7 months ago

SLiNv commented 11 months ago

Updated LsaSrvReferences and LsaInitializeProtectedMemory_KEY for parsing Windows 11's dump file

BubbleMaker2089 commented 8 months ago

Hi. Can you explain please how you obtained those offsets? I believe Win11 has more than 22H2 version. It means we need to add such offsets for every version, right? So I wonder how you can get them for specific Win version?

BubbleMaker2089 commented 8 months ago

Also. The same issue goes for sha1. It can't be obtained on Win 11 22H2. Only ntlm hash. Is there any solution for sekurlsa::logonpasswords too?

SLiNv commented 8 months ago

Hi. Can you explain please how you obtained those offsets? I believe Win11 has more than 22H2 version. It means we need to add such offsets for every version, right? So I wonder how you can get them for specific Win version?

Hi. You can refer to articles and blog posts that reveal how mimikatz works and follow the same path, reversing lsasrv.dll, to find out the hashes. They will tell you how to find the offset after locating LogonSessionList and LogonSessionListCount.

Some posts: Inside the Mimikatz Pass-the-Hash Command (Part 2)

However, later I found out that pypykatz has all that sorted out; you can use pypykatz or refer to it too: template.py

@BubbleMaker2089

b1gy7 commented 4 months ago

What happened with the Smartcard Entries/Values/Offsets? I tested the newest build on a Windows 11 23H2 and I don't seem to get correct output when it comes to a Smartcard (for example the PINs of a Smartcard or any other correct information, like a Certificate that is being used on a Smartcard). On Windows 10 22H2, on the other hand, it seems to work just fine, getting correct information and in general with all types of Kerberos authentication data.

@gentilkiwi @SLiNv