During a recent CTF there was a challenge to get the plaintext password from an lsass.exe dump on a windows 11 machine. Since wdigest is disabled by default in windows 11 there was no support for this in mimikatz, but by simply adding the following code, everything works as expected. It should be mentioned that you can use the windbg plugin to do this natively, but adding support to the standalone mimikatz would be ideal.
I have attached the lsass dump from the competition in the PR so you can verify the changes.
lsass.tar.gz
During a recent CTF there was a challenge to get the plaintext password from an lsass.exe dump on a windows 11 machine. Since wdigest is disabled by default in windows 11 there was no support for this in mimikatz, but by simply adding the following code, everything works as expected. It should be mentioned that you can use the windbg plugin to do this natively, but adding support to the standalone mimikatz would be ideal.
I have attached the lsass dump from the competition in the PR so you can verify the changes. lsass.tar.gz