If you have encrypted windows files from a previous user, these certificates needs to be recreated for your new user so you can unlock the files. For this method to work you need to have access to the /Users/ folder from your previous installation, along with the password or the NTLM hash.
Tools used: mimikatz and git bash (for openssl)
Steps:
00:00 Introduction and prerequisites
00:40 #1. Find out which certificate is needed for the encrypted file
02:30 #2. Download mimikatz
03:25 #3. Export the certificate to .DER
04:20 #4. Locate the private certificate
06:19 #5. Find and decrypt the masterkey for private certificate
09:17 #6. Decrypt the private certificate using masterkey hash
10:24 #7. Create the PFX certificate using openssl
13:40 #8. Install the new certificate
Tags:
#efs #bitlocker #certificate #pvk #der #pem #protected #decrypt #encrypt #files #windows #private #public #locked #access #mimikatz #cmd #rsa #crypto #microsoft #publickey #privatekey #masterkey #hash #ntlm #user #win10 #certutil #openssl #cipher
4 окт 2024