What can prevent Mimikatz from accessing LSA?

Çağlar Arlı - 7 Views

What can prevent Mimikatz from accessing LSA?

I used to run Mimikatz in one of my computers. Then, I did something to block its action and I do not recall what it was. I am trying to revert it unsuccessfully.

  .#####.   mimikatz 2.2.0 (x64) #19041 Aug 10 2021 17:19:53
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > https://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( vincent.letoux@gmail.com )
  '#####'        > https://pingcastle.com / https://mysmartlogon.com ***/

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # token::elevate
Token Id  : 0
User name :
SID name  : NT AUTHORITY\SYSTEM

792     {0;000003e7} 1 D 63431          NT AUTHORITY\SYSTEM     S-1-5-18        (04g,21p)       Primary
 -> Impersonated !
 * Process Token : {0;00025b34} 1 F 4156027     COMP\U244        S-1-5-21-542114799-846785721-1465343628-1001    (14g,24p)       Primary
 * Thread Token  : {0;000003e7} 1 D 4625769     NT AUTHORITY\SYSTEM     S-1-5-18        (04g,21p)       Impersonation (Delegation)

mimikatz # sekurlsa::logonpasswords
ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000005)

I know about RunAsPPL, but I have removed it:

reg query “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA” /v RunAsPPL
ERROR: Invalid key name.

Maybe a HotFIX changed something, I am running:

OS Version:                10.0.19043 N/A Build 19043

What else could be breaking the necessary access?

Annanowa

What can prevent Mimikatz from accessing LSA?

What can prevent Mimikatz from accessing LSA?

Son Yazılar

Son Yorumlar