Cannot patch CNG or export certificate #315
Comments
|
If still relevant, try this again with the latest mimikatz code (binaries at https://ci.appveyor.com/project/gentilkiwi/mimikatz) crypto::cng was failing for you on Win10 x64 build 19041 (20H2), support for this was merged a few days ago in this PR #362 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Thank you for your amazing work
I'm trying to Extract a Non-Exportable Private Key on my laptop.
The Certificate is installed with the Private Key as I see it with Certmgr.exe Certificates Manager "You have a Private Key that corresponds to this Certificate"
Winows Defender is totally OFF by Group Policy Settings and I never install any AV on my computer in the past
mimikatz 2.2.0 (x64) #19041 Sep 18 2020 19:18:29
W10 Pro build 19041 (x64) - English
mimikatz # version /full
mimikatz 2.2.0 (arch x64)
Windows NT 10.0 build 19041 (arch x64)
msvc 150030729 207
lsasrv.dll : 6.2.19041.546
msv1_0.dll : 6.2.19041.450
tspkg.dll : 6.2.19041.264
wdigest.dll : 6.2.19041.388
kerberos.dll : 6.2.19041.546
dpapisrv.dll : 6.2.19041.546
cryptdll.dll : 6.2.19041.546
samsrv.dll : 6.2.19041.546
rsaenh.dll : 6.2.19041.546
ncrypt.dll : 6.2.19041.546
ncryptprov.dll : 6.2.19041.546
wevtsvc.dll : 6.2.19041.388
termsrv.dll : 6.2.19041.84
mimikatz # crypto::capi
Local CryptoAPI RSA CSP patched
Local CryptoAPI DSS CSP patched
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # crypto::cng
ERROR kull_m_patch_genericProcessOrServiceFromBuild ; kull_m_patch (0x00000005)
mimikatz # crypto::stores
Asking for System Store 'CURRENT_USER' (0x00010000)
0. My
mimikatz # crypto::providers
CryptoAPI providers :
0. RSA_FULL ( 1) H - eToken Base Cryptographic Provider
CryptoAPI provider types:
0. RSA_FULL ( 1) - RSA Full (Signature and Key Exchange)
CNG providers :
0. Microsoft Key Protection Provider
mimikatz # crypto::certificates /store:my /export
Key Container : p11#b3935***********
Provider : eToken Base Cryptographic Provider
Provider type : RSA_FULL (1)
Type : AT_KEYEXCHANGE (0x00000001)
|Provider name : eToken Base Cryptographic Provider
|Key Container : p11#b3935**********
|Unique name : p11#b3935**********
|Implementation: CRYPT_IMPL_HARDWARE ; CRYPT_IMPL_SOFTWARE ; CRYPT_IMPL_REMOVABLE ;
Algorithm : CALG_RSA_KEYX
Key size : 2048 (0x00000800)
Key permissions: 000000c3 ( CRYPT_ENCRYPT ; CRYPT_DECRYPT ; CRYPT_EXPORT_KEY ; CRYPT_IMPORT_KEY ; )
Exportable key : NO
Public export : OK - 'CURRENT_USER_my_1_****Limited.der'
Private export : ERROR kull_m_crypto_exportPfx ; PFXExportCertStoreEx/kull_m_file_writeData (0x8009000b)
crypto::keys /export /cngprovider:"SafeNet Smart Card Key Storage Provider"
CNG keys :
0. p11#b3935**********
|Provider name : SafeNet Smart Card Key Storage Provider
|Implementation: NCRYPT_IMPL_HARDWARE_FLAG ; NCRYPT_IMPL_SOFTWARE_FLAG ; NCRYPT_IMPL_REMOVABLE_FLAG ;
Key Container : p11#b3935***********
Unique name : p11#b3935***********
Algorithm : RSA
Key size : 2048 (0x00000800)
Export policy : 00000000 ( )
Exportable key : NO
Private export : ERROR kuhl_m_crypto_exportKeyToFile ; NCryptExportKey(CAPIPRIVATEBLOB -- init): 0x80090027
mimikatz # crypto::keys /export /provider:"eToken Base Cryptographic Provider"
CryptoAPI keys :
0. p11#b3935**************
p11#b3935**************
Type : AT_KEYEXCHANGE (0x00000001)
|Provider name : eToken Base Cryptographic Provider
|Key Container : p11#b3935**************
|Unique name : p11#b3935**************
|Implementation: CRYPT_IMPL_HARDWARE ; CRYPT_IMPL_SOFTWARE ; CRYPT_IMPL_REMOVABLE ;
Algorithm : CALG_RSA_KEYX
Key size : 2048 (0x00000800)
Key permissions: 000000c3 ( CRYPT_ENCRYPT ; CRYPT_DECRYPT ; CRYPT_EXPORT_KEY ; CRYPT_IMPORT_KEY ; )
Exportable key : NO
Private export : ERROR kuhl_m_crypto_exportKeyToFile ; CryptExportKey(init) (0x8009000b)
The text was updated successfully, but these errors were encountered: