Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

sekurlsa::logonpasswords broken in Windows 10 1803 (April 2018 update) (Release) #146

Closed
kyhwana opened this issue May 1, 2018 · 2 comments
Closed

sekurlsa::logonpasswords broken in Windows 10 1803 (April 2018 update) (Release) #146

kyhwana opened this issue May 1, 2018 · 2 comments

Comments

@kyhwana
Copy link

kyhwana commented May 1, 2018
edited by gentilkiwi
Loading

This is the final 1803 build released via Windows update (Not insiders build)

mimikatz # privilege::debug                   
Privilege '20' OK                             
                                              
mimikatz # log sekurlsa.log                   
Using 'sekurlsa.log' for logfile : OK         
                                              
mimikatz # sekurlsa::logonpasswords           
ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list 
                                              
mimikatz # version /full                      
                                              
mimikatz 2.1.1 (arch x64)                     
Windows NT 10.0 build 17134 (arch x64)        
msvc 150030729 207                            
                                              
lsasrv.dll      : 10.0.17134.1                
msv1_0.dll      : 10.0.17134.1                
tspkg.dll       : 10.0.17134.1                
wdigest.dll     : 10.0.17134.1                
kerberos.dll    : 10.0.17134.1                
dpapisrv.dll    : 10.0.17134.1                
cryptdll.dll    : 10.0.17134.1                
samsrv.dll      : 10.0.17134.1                
rsaenh.dll      : 10.0.17134.1                
ncrypt.dll      : 10.0.17134.1                
ncryptprov.dll  : 10.0.17134.1                
wevtsvc.dll     : 10.0.17134.1                
termsrv.dll     : 10.0.17134.1
@gentilkiwi
Copy link
Owner

Please, take a look to the latest update :)
https://github.com/gentilkiwi/mimikatz/releases

@kyhwana
Copy link
Author

kyhwana commented May 2, 2018

Success!
sekurlsa::logonpasswords

Authentication Id : 0 ; 224904 (00000000:00036e88)
Session : Interactive from 1
User Name : kyhwana
Domain : LION
Logon Server : LION
etcetc

Also turns out the new anti-lsass dumping ASR's aren't actually active in 1803: https://twitter.com/jepayneMSFT/status/991462793323790336?s=20

@kyhwana kyhwana closed this as completed May 2, 2018
@trallgorm trallgorm mentioned this issue Jul 5, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kyhwana @gentilkiwi