Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error with crypto::cng #273

Open
dokkanhacker opened this issue Mar 9, 2020 · 12 comments
Open

Error with crypto::cng #273

dokkanhacker opened this issue Mar 9, 2020 · 12 comments

Comments

@dokkanhacker
Copy link

dokkanhacker commented Mar 9, 2020
edited
Loading

Hello,

I am trying to pull a certificate needed to connect to the wifi from a unni laptop and transfer it to my phone to get access to the wifi. When trying to export the certificate with the private key I keep trying to use crypto::cng and it shows this message "ERROR kull_m_patch_genericProcessOrServiceFromBuild ; OpenProcess (0x00000005)" any ideas on how to fix it and export the certificate with the key?

And when trying to export it with "crypto::certificates /export" it gives this response: Private export : ERROR kull_m_crypto_exportPfx ; PFXExportCertStoreEx/kull_m_file_writeData (0x8009000b).

Does the crypto::cng effect the private export not working??
@hubert3
Copy link
Contributor

hubert3 commented Aug 4, 2022

If still relevant, try this again with the latest mimikatz code (binaries at https://ci.appveyor.com/project/gentilkiwi/mimikatz)

Updates to make crypto::cng work on more recent versions of Win10 x64 were merged a few days ago in PR #362

@patrikcze
Copy link

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # crypto::cng
ERROR kull_m_patch_genericProcessOrServiceFromBuild ; OpenProcess (0x00000005)

When exporting non-exportable keys getting error :

ERROR kull_m_crypto_exportPfx ; PFXExportCertStoreEx/kull_m_file_writeData (0x8009000b)

mimikatz 2.2.0 (arch x64)
Windows NT 10.0 build 19044 (arch x64)
msvc 150030729 207

@hubert3
Copy link
Contributor

hubert3 commented May 3, 2023
edited
Loading

@patrikcze Try with my fork of Mimikatz (there is a later PR #413 with more updates for crypto::cng that has not been merged yet)

@wwwilq
Copy link

wwwilq commented May 5, 2023

@patrikcze Try with my fork of Mimikatz (there is a later PR #413 with more updates for crypto::cng that has not been merged yet)

@hubert3 , where can I download built binaries of your fork ? There are no releases in your fork. (I'm not experinced in building from sources). Can you please?

@hubert3
Copy link
Contributor

hubert3 commented May 8, 2023

@wwwilq @patrikcze see here https://github.com/hubert3/mimikatz/releases/tag/PR413

@wwwilq
Copy link

wwwilq commented May 8, 2023

@wwwilq @patrikcze see here https://github.com/hubert3/mimikatz/releases/tag/PR413

@hubert3 , Thank you very much!!!!!! Your version works for me - even on Windows 11 22H2 with all the latets M$ updates!!! (export of non-exportable cert was successful)
I don't understand why your pull request 413 is not merged since November 2022!!! (WTF???!!) - Probably this project is dead and unsupported. So your fork now is our the only and the last hope!!! One more time - thank you very much for your fix and for your fork with working release!!!

@hubert3
Copy link
Contributor

hubert3 commented May 9, 2023
edited
Loading

@wwwilq glad it works for you

Can you send me the output of mimikatz 'version' command and your system32\ncryptprov.dll DLL version?

On my Win11 22H2 test system with build 22621 (arch x64) and DLL version is 10.0.22621.1635 an updated patch was required for crypto::cng succeed

This patch is now added to my outstanding pull request and the EXE release in my fork

@wwwilq
Copy link

wwwilq commented May 9, 2023

@hubert3 My system32\ncryptprov.dll DLL version is 10.0.22000.1165 (sorry, I mis-informed you, - it is not from the latest April's security update, but just from February's one).

@wwwilq
Copy link

wwwilq commented May 9, 2023

@hubert3 , and one more correction - my system is Windows 11 21H2 (NOT 22H2) - I mixed up everything, sorry.

@hubert3
Copy link
Contributor

hubert3 commented May 11, 2023
edited
Loading

Thanks for the info - When you update to Windows 11 x64 22H2 with the latest updates as of today, it should still work with the latest mimikatz release exe on my fork

@vcepela
Copy link

vcepela commented Jun 5, 2023
edited
Loading

Hello, tested @hubert3 updated binary against 21H2 where version of ncryptprov.dll is 10.0.19041.2193 and got same error as in first post.

C:\Temp>mimikatz.exe

  .#####.   mimikatz 2.2.0 (x64) #22601 May  9 2023 22:56:39
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
 ## \ / ##       > https://blog.gentilkiwi.com/mimikatz
 '## v ##'       Vincent LE TOUX             ( [email protected] )
  '#####'        > https://pingcastle.com / https://mysmartlogon.com ***/

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # crypto::cng
ERROR kull_m_patch_genericProcessOrServiceFromBuild ; OpenProcess (0x00000005)

mimikatz # version

mimikatz 2.2.0 (arch x64)
Windows NT 10.0 build 19045 (arch x64)
msvc 193532217 1

> SecureKernel is running
> Credential Guard may be running

tried updating to 22H2 with no effect, hash for ncryptprov.dll :

$ sha256sum ncryptprov.dll
2edeac2ee3823dd483a8ee6bff3d7c80387d304abdea6df644adc693bd6587a9  ncryptprov.dll

any tips on troubleshooting this?

@hubert3
Copy link
Contributor

hubert3 commented Jun 15, 2023

Hi @vcepela, my binary works for me on Win10 22H2 with this exact version of the DLL

Try disabling Defender / any other AV / Credential Guard

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@hubert3 @vcepela @patrikcze @wwwilq @dokkanhacker