Jump to content

Mimikatz for Windows 10 Creators Update


Recommended Posts

So, many of you in the Bashbunny and Rubber Ducky forums are noticing mimikatz/mimidogz in Powersploit has issues with Win10 after the creators update.  It can dump hashes from the sam but it could not get the cleartext passwords like it used to do or currently do on Windows 7.

Well, Gentilkiwi decided to get to work and has a new version of mimikatz that will get the cleartext passwords from Windows 7 Creators Update.  You can find it below.



Now, what about Invoke-Mimikatz in Powersploit or Mimidogz.  Well, a few of us has been trying to get it to work in the module by substituting the base64 encoded binaries of the old mimikatz with the new base64 encoded binaries.  It does work but will not receive the parameters.  The command line parameters for dumpcreds has changed and has to have the mimi command "privilege::debug" ran first before the usually 2 other commands afterwards "sekurlsa::logonpasswords exit".  What I get is the mimi interactive shell which is fine for live stuff but if trying to automate then this is a stopper.  Also, it seems to crash out the Powershell process it is in when you exit out of it.  If you use the direct executable, Windows defender will see it and stop/kill/remove it.  Avast will definitely kill it, I use Avast as the most difficult of scanners to obfuscate from.  If I beat Avast at full settings, good chance all the others will be the same.

So, if others want to try and help figure it out.  Check out the issues thread for it that started on Powersploit's repo.

Link to comment
Share on other sites

  • 2 weeks later...
2 hours ago, rottingsun said:

With mimikatz and all the derivatives being flagged more and more these days, I find it more effective to take a memdump of lsass using procdump, then running it through mimi in minidump mode.

I agree.  And powerdump works for getting SAM hashes.  Token manipulation works for getting tokens.  Mimikatz still good for golden tickets though.  But yeah, there are other methods to use mimi to get creds.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...