ERROR dpapi::masterkey #329
Comments
|
add: |
|
Hello:. At end , try with /protected or /unprotect. |
|
Hello: dpapi::masterkey /in:"C:\Users\username\AppData\Roaming\Microsoft\Protect\S-I-D\GUIDname" /password:userpassword /sid:S-I-D /protected ,you will get Masterkey SHA1 hash. But you are sure this GUID name is the right one ? For example, if you run; ,the GUID name given is the one to use to decrypt Google Chrome logins(really to decrfypt Local State file to get the AES SHA1 key to decrypt Chrome logins) |
|
Hi,
and very very thanks. I tried both possibilities, without success :-(
Kind Regards
…---------- Původní e-mail ----------
Od: Papotito123 <[email protected]>
Komu: gentilkiwi/mimikatz <[email protected]>
Datum: 3. 2. 2021 0:08:58
Předmět: Re: [gentilkiwi/mimikatz] ERROR dpapi::masterkey (#329)
"
Hello:.
command should be like:
dpapi::masterkey /in:path-to-masterkey /sid:usersid /hash:user-passw-SHA1
At end , try with /protected or /unprotect.
This were said by the developer some time before ,saying could be feasible
due to newer windows versions.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
(#329 (comment)),
or unsubscribe
(https://github.com/notifications/unsubscribe-auth/ASICXQUXWSGND7ULTAWGEGDS5CAYLANCNFSM4W6YUWKA)
.
"
|
|
Hi,
I tried to decrypt EFS crypted files and have followed the proccess in this
article:
https://tinyapps.org/docs/decrypt-efs-without-cert-backup.html
But the step 5. Decrypt the master key (with plain pasword, not SHA1 hash,
because I am really surewith the password!)
resulted to error
Very thanks and kind regards
…---------- Původní e-mail ----------
Od: Papotito123 <[email protected]>
Komu: gentilkiwi/mimikatz <[email protected]>
Datum: 3. 2. 2021 3:09:57
Předmět: Re: [gentilkiwi/mimikatz] ERROR dpapi::masterkey (#329)
"
Hello:
What you what to accomplish ?
There's plenty of GUID Masterkey names.For decrypt Chrome logins, System
Masterkey ,User M,asterkey ...
dpapi::masterkey /in:"C:\Users\username\AppData\Roaming\Microsoft\Protect\S-
I-D\GUIDname" /password:userpassword /sid:S-I-D /protected
,you will get Masterkey SHA1 hash.
But you are sure this GUID name is the right one ?
For example, if you run;
<code>dpapi::cred /in:"C:\Users\username\AppData\Local\Microsoft\Credentials\credname"
</code>
,the GUID name given is the one to use to decrypt Google Chrome logins
(really to decrfypt Local State file to get the AES SHA1 key to decrypt
Chrome logins)
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
(#329 (comment)),
or unsubscribe
(https://github.com/notifications/unsubscribe-auth/ASICXQTXTUZQ34WOPOXQ4QLS5CV65ANCNFSM4W6YUWKA)
.
"
|
|
Same problem here, same Guide: [masterkey] with password: XXXXXXXX (normal user) Also getting the same error when trying SHA1 instead |
|
Hello: dpapi::masterkey /in:"C:\Users\username\AppData\Roaming\Microsoft\Protect\S-I-D\GUIDname" /password:userpassword /sid:S-I-D /protected kull_m_dpapi_unprotect_masterkey_with_password error is mostly because the password is not the right one to decrypt this masterkey guid. |
|
@Papotito123 you're right, I had the password wrong, stupid me. worked like charm after finally remembering it right. |
|
Hello: |
Hello,
when running command:
dpapi::masterkey /in:"Protect\SID-FULL-NAME\GUID-KEY-NAME" /password:PLAIN_PASSWORD_TEXT /protected
it shows error;
[masterkey] with password: PLAIN_PASSWORD_TEXT (protected user)
ERROR kuhl_m_dpapi_masterkey ; kull_m_dpapi_unprotect_masterkey_with_password
when I run without /protected and with argument /sid:"SID_FULL_NAME" the result is same.
Version of running OS Win 10 18363 (x64)
Version of offline OS Win 10 (some older version)
mimikatz 2.2.0.
Very thanks for help.
The text was updated successfully, but these errors were encountered: