-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sekurlsa::ekeys logs incorrect key types #314
Comments
Can you post some outputs and support data ? :)
|
Sorry, but Windows isn't cooperating with me at the moment. I'm currently unable to get mimikatz to run on it at all. From what I remember, if you just run 'sekurlsa::ekeys' on a Win10 2004 system, all of the key types in the left hand column show as des_cbc_md4, including the one that should clearly be labeled aes256_hmac. If you're unable to replicate the issue this way, maybe it was some vaguery of my windows system, (which I've since spilled a drink on and had to have replaced). |
@johnmccash see #322 . The pull request should solve this issue as well. |
Sorry to necro this issue @gentilkiwi, but I ran into the same today. The output of
I'm using |
I was just familiarizing myself with overpass-the-hash, and I realized that the key types that are output by the current version of Mimikatz seem to be incorrect. All current entries in the output table under the line "* Key List :" are showing up as "des_cbc_md4" (I'm running it on Win10 2004). I can tell by the length that the first one is probably supposed to be aes256_hmac, and I know for sure that all the ones below it are actually my NTLM hash. This bug actually shows up partially in https://blog.gentilkiwi.com/securite/mimikatz/overpass-the-hash. You can see in the screenshot there that the first entry is aes256_hmac, the 2nd one is aes128_hmac (or, at least, I assume that these first two labels are accurate), and all the others, with five different labels, are all the same, and match the example NTLM hash. This is, of course, just a minor bug, but I would think it maybe deserves to be fixed, if possible?
The text was updated successfully, but these errors were encountered: