Monday, February 9, 2015

MSF's Mimikatz doesnt work on Windows 8.1 what can you do?



So you are on a Windows 8.1 box. You go to run the trusty mimikatz-->wdigest and it fails.

Well technically it will work but there wont be anything there


Using the current mimikatz that ships with metasploit (as of 1/16/2015) will not return anything. This is because 8.1 doesn't keep passwords in memory any more.

However, you should still be able to get hashes and kerberos tickets

The current standalone version of mimikatz will do this

https://github.com/gentilkiwi/mimikatz/releases/

and using the

mimikatz # sekurlsa::logonpasswords

https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa



Dumping kerberos tickets should also work

mimikatz # sekurlsa::tickets /export
minidump should also work

CG

1 comment:

sagi- said...

Hi,

Great blog, thanks for your hard work.

To get mimikatz (2.0 alpha) working on Windows 8.1 (tested on Pro edition) you would have to create the following registry key and get the the user to relogin:
reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1