gentilkiwi / mimikatz

A little tool to play with Windows security
http://blog.gentilkiwi.com/mimikatz
19.49k stars 3.74k forks source link

Problem with Decrypting Masterkeys #433

Open AgentGrady opened 1 year ago

AgentGrady commented 1 year ago

I have been trying to decrypt masterkeys with the masterkey function but it does nothing not even give a reason why it will not decrypt it. image

Plus, I have been attempting to decrypt the opera passwords that are encrypted with it but even when I get the right master key I get this error plus it gives multiple masterkeys for the Google passwords even though it should only be one.

image

What are causing these issues and how can I resolve them?

BubbleMaker2089 commented 1 year ago

You need to obtain sha1 first using sekurlsa::logonpasswords (works for Win10, on Win11 it won't return sha1). Then, sha1 will be cached. And only after that use dpapi::masterkey command. You can also provide sha1 to dpapi::masterkey by /hash argument. See for details: https://tools.thehacker.recipes/mimikatz/modules/dpapi/masterkey

AgentGrady commented 1 year ago

You need to obtain sha1 first using sekurlsa::logonpasswords (works for Win10, on Win11 it won't return sha1). Then, sha1 will be cached. And only after that use dpapi::masterkey command. You can also provide sha1 to dpapi::masterkey by /hash argument. See for details: https://tools.thehacker.recipes/mimikatz/modules/dpapi/masterkey

Thank you, the operating system I am using is windows 10 but the files I am trying to decrypt are from a windows 10 back up or a laptop that had failed. Would sekurlsa::logonpasswords work for that back files or does that command not work under windows 11 in any case?