Closed (SLiNv closed 1 year ago)
Hi. Can you explain please how you obtained those offsets? I believe Win11 has more than 22H2 version. It means we need to add such offsets for every version, right? So I wonder how you can get them for specific Win version?
Also. The same issue goes for sha1. It can't be obtained on Win 11 22H2. Only ntlm hash. Is there any solution for sekurlsa::logonpasswords too?
> Hi. Can you explain please how you obtained those offsets? I believe Win11 has more than 22H2 version. It means we need to add such offsets for every version, right? So I wonder how you can get them for specific Win version?
Hi. You can refer to articles and blog posts that reveal how mimikatz works and follow the same path, reversing lsasrv.dll to find the hashes. They will tell you how to find the offset after locating LogonSessionList and LogonSessionListCount.
Some posts: Inside the Mimikatz Pass-the-Hash Command (Part 2)
However, later I found out that pypykatz has all that sorted out; you can use pypykatz or refer to it too: template.py
@BubbleMaker2089
What happened with the Smartcard Entries/Values/Offsets? I tested the newest build on a Windows 11 23H2 and I don't seem to get correct output when it comes to a Smartcard (for example the PINs of a Smartcard or any other correct information, like a Certificate that is being used on a Smartcard). While on Windows 10 22H2 it seems to work just fine, getting correct information, and in general with all types of Kerberos authentication data.
@gentilkiwi @SLiNv
Updated LsaSrvReferences and LsaInitializeProtectedMemory_KEY for parsing Windows 11's dump file