Jump to content
Hak5 Forums
Sign in to follow this  
PoSHMagiC0de

Mimikatz for Windows 10 Creators Update

Recommended Posts

So, many of you in the Bashbunny and Rubber Ducky forums are noticing mimikatz/mimidogz in Powersploit has issues with Win10 after the creators update.  It can dump hashes from the sam but it could not get the cleartext passwords like it used to do or currently do on Windows 7.

Well, Gentilkiwi decided to get to work and has a new version of mimikatz that will get the cleartext passwords from Windows 7 Creators Update.  You can find it below.

https://github.com/gentilkiwi/mimikatz

 

Now, what about Invoke-Mimikatz in Powersploit or Mimidogz.  Well, a few of us has been trying to get it to work in the module by substituting the base64 encoded binaries of the old mimikatz with the new base64 encoded binaries.  It does work but will not receive the parameters.  The command line parameters for dumpcreds has changed and has to have the mimi command "privilege::debug" ran first before the usually 2 other commands afterwards "sekurlsa::logonpasswords exit".  What I get is the mimi interactive shell which is fine for live stuff but if trying to automate then this is a stopper.  Also, it seems to crash out the Powershell process it is in when you exit out of it.  If you use the direct executable, Windows defender will see it and stop/kill/remove it.  Avast will definitely kill it, I use Avast as the most difficult of scanners to obfuscate from.  If I beat Avast at full settings, good chance all the others will be the same.

So, if others want to try and help figure it out.  Check out the issues thread for it that started on Powersploit's repo.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×