Skip to content

module ~ crypto

Jump to bottom
Benjamin DELPY edited this page Apr 27, 2014 · 12 revisions

providers

This command list all providers: CryptoAPI, then CNG if available (NT 6).

mimikatz # crypto::providers

CryptoAPI providers :
 0. Microsoft Base Cryptographic Provider v1.0
 1. Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
 2. Microsoft Base DSS Cryptographic Provider
 3. Microsoft Base Smart Card Crypto Provider
 4. Microsoft DH SChannel Cryptographic Provider
 5. Microsoft Enhanced Cryptographic Provider v1.0
 6. Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
 7. Microsoft Enhanced RSA and AES Cryptographic Provider
 8. Microsoft RSA SChannel Cryptographic Provider
 9. Microsoft Strong Cryptographic Provider
10. SafeSign Standard Cryptographic Service Provider
11. SafeSign Standard RSA and AES Cryptographic Service Provider

CNG providers :
 0. Microsoft Primitive Provider
 1. Microsoft Smart Card Key Storage Provider
 2. Microsoft Software Key Storage Provider
 3. Microsoft SSL Protocol Provider
 4. SafeSign Key Storage Provider

stores

Argument:

  • /systemstore - optional - the system store that must be used to list stores (default: CERT_SYSTEM_STORE_CURRENT_USER)
    It can be one of:
    • CERT_SYSTEM_STORE_CURRENT_USER or CURRENT_USER
    • CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY or USER_GROUP_POLICY
    • CERT_SYSTEM_STORE_LOCAL_MACHINE or LOCAL_MACHINE
    • CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY or LOCAL_MACHINE_GROUP_POLICY
    • CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE or LOCAL_MACHINE_ENTERPRISE
    • CERT_SYSTEM_STORE_CURRENT_SERVICE or CURRENT_SERVICE
    • CERT_SYSTEM_STORE_USERS or USERS
    • CERT_SYSTEM_STORE_SERVICES or SERVICES 
mimikatz # crypto::stores /systemstore:local_machine
Asking for System Store 'local_machine' (0x00020000)
 0. My
 1. Root
 2. Trust
 3. CA
 4. TrustedPublisher
 5. Disallowed
 6. AuthRoot
 7. TrustedPeople
 8. ADDRESSBOOK
 9. ipcu
10. Remote Desktop
11. REQUEST
12. SmartCardRoot
13. TrustedDevices
14. Windows Live ID Token Issuer

certificates

keys

capi

mimikatz # crypto::capi
Local CryptoAPI patched

cng

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # crypto::cng
"KeyIso" service patched
Clone this wiki locally