skelsec
commented
3 years ago No info so far, I'll get back to you if I know more.
Closed Papotito123 closed 3 years ago
skelsec
commented
3 years ago No info so far, I'll get back to you if I know more.
Papotito123
commented
3 years ago Hello: Thanks for responding. Regarding user password hashes in MicrosoftAccount user.
I upgraded to Win 1909 x64 so I can't assure if this issue still present.
But in Win 1909 x64 I can run pypykatz lsa minidump , pypykatz live registry , and NT and SHA1 hashes are retrieved well.
I read some about a DPAPI issue in windows that doesn't let retrieve NT/SHA1 hashes,LSAScrets some months before. I also tested mimikatz/lazagne/NTHASH-fpc (that also shows same behaviour in Win 1809 x64 until upgrade) and are working fine.
One comment. To get pypkatz works ,I had to uninstall it and install via pip install pypyktz (Successfully installed pypykatz-0.3.15) because throwed error about commons files or some like.This kind of error happened before ,maybe in 1 of the latest 3-4 versions
Thanks.
Hello: I've noticed that when running pypykatz for a MicrosoftAccount user then the SHA1 is just retrieved as;
I thought this was due Win 10 2004H1 . But is doing for every MicrosoftAccount user.
Maybe I didn't notice it. I also ran mimikatz for a MicroaftAccount user and didn't even has a , SHA1: , entry
Any info much appreciated.