Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Get-PassHashes not working on Windows 10 #50

Open
cfalta opened this issue Feb 14, 2017 · 2 comments
Open

Get-PassHashes not working on Windows 10 #50

cfalta opened this issue Feb 14, 2017 · 2 comments

Comments

@cfalta
Copy link

cfalta commented Feb 14, 2017

Get-PassHashes does not work on Windows 10 1607. It always returns empty LM/NTLM hashes on execution.
I attached a screenshot that shows the problem on a test machine. On the left side is the output from Get-PassHashes, on the right side is the (correct) output from mimikatz.
capture
@samratashok
Copy link
Owner

Hi, sorry for the late reply. Let me test the issue.

@cfalta
Copy link
Author

cfalta commented Feb 19, 2017

Hi,

thanks for looking into it. From what I can tell so far, the problem seems to be the powerdump code that gets the encrypted hashes from the SAM.
At line 321 start two checks to verify the LM/NTLM header in the registry (-eq 20) and these checks never succed in Windows 10. I guess they changed something in the layout and therefore the hashes aren't located at the same offsets anymore.
Do you know if there's some kind of documentation on this?

Thanks again, best regards

Christoph

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@samratashok @cfalta