Decrypt EFS protected files by recreating the missing user certificate
- Published on 26 Dec 2024
- If you have encrypted Windows files from a previous user, that user's certificates need to be recreated for your new user so you can unlock the files. For this method to work you need access to the /Users/ folder from your previous installation, along with the password or the NTLM hash.
Tools used: mimikatz and git bash (for openssl)
Steps:
00:00 Introduction and prerequisites
00:40 #1. Find out which certificate is needed for the encrypted file
02:30 #2. Download mimikatz
03:25 #3. Export the certificate to .DER
04:20 #4. Locate the private certificate
06:19 #5. Find and decrypt the masterkey for private certificate
09:17 #6. Decrypt the private certificate using masterkey hash
10:24 #7. Create the PFX certificate using openssl
13:40 #8. Install the new certificate
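Step 7 as an added example (not taken from the video or its author): a Git Bash / bash function that converts the exported DER certificate and the decrypted PVK key to PEM, confirms they are a pair, and builds the PFX. The function names, the file arguments and the `PFX_PASS` variable are assumptions, as is the PVK file being unencrypted.

```shell
#!/usr/bin/env bash
# Added example: rebuild a PFX from an exported DER certificate and a decrypted PVK key.
# Assumptions: the PVK is unencrypted, and the PFX password is in the exported
# environment variable PFX_PASS (keeps it out of the process list and shell history).

# Print the RSA modulus of a PEM certificate ("x509") or PEM private key ("rsa").
modulus_of() {
    openssl "$1" -noout -modulus -in "$2"
}

# build_efs_pfx <cert.der> <key.pvk> <out.pfx>
# Returns 0 on success, 2 if the key does not belong to the certificate, 1 otherwise.
# The body runs in a subshell so its variables do not leak into the caller.
build_efs_pfx() (
    cert_der=$1; key_pvk=$2; out_pfx=$3; rc=0
    [ -n "${PFX_PASS:-}" ] || { echo "export PFX_PASS first" >&2; return 1; }
    work=$(mktemp -d) || return 1

    # DER certificate and PVK key -> PEM, the input format pkcs12 -export expects.
    if ! openssl x509 -inform DER -in "$cert_der" -out "$work/cert.pem" 2>/dev/null ||
       ! openssl rsa -inform PVK -in "$key_pvk" -out "$work/key.pem" 2>/dev/null; then
        echo "could not parse certificate or key" >&2
        rc=1
    # A key recovered from the wrong container still converts cleanly, so compare
    # the public moduli before packaging it.
    elif [ "$(modulus_of x509 "$work/cert.pem")" != "$(modulus_of rsa "$work/key.pem")" ]; then
        echo "private key does not match certificate" >&2
        rc=2
    else
        openssl pkcs12 -export -inkey "$work/key.pem" -in "$work/cert.pem" \
            -out "$out_pfx" -passout env:PFX_PASS || rc=1
    fi

    rm -rf "$work"   # the intermediate PEM key is unencrypted; do not leave it behind
    return "$rc"
)
```

If Windows rejects the correct password on import, re-run the `pkcs12 -export` step with `-legacy`: OpenSSL 3 writes AES-encrypted PFX files by default, which older Windows builds cannot read.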
Tags:
#efs #bitlocker #certificate #pvk #der #pem #protected #decrypt #encrypt #files #windows #private #public #locked #access #mimikatz #cmd #rsa #crypto #microsoft #publickey #privatekey #masterkey #hash #ntlm #user #win10 #certutil #openssl #cipher
You are my lifesaver. I struggled on password part but I made it. Thanks mate
Glad to hear it was working for you!
Damn, what a great video!
Mine didn't work first try. But then I installed the certificate by double clicking it, then it worked!
Happy to hear you had use of the video! My head was thinking too deep into commands so I didn't think of the fact you could just double click it.
Hey, what if I don't have the certificates, will it be able to work? Help please, I'm struggling
Hi @simpan_TV, PLEASE ASSIST BRO 🙏🙏 Similar situation, but I copied the user's files from the user account on the C drive, then installed new Windows on the user's computer, only for the copied files to be encrypted; nothing works to decrypt. And unfortunately backups other than the copied user files, which are encrypted, don't exist. Is it possible to recover or decrypt user data?
Please please help 🙏🙏🙏, I'm about to be fired at work over this incident as our company doesn't allow losing user data
Certificate lost after new Windows install, how to? 😢
You need to have a backup of the old files. If you just format the disk it's still possible it might be in the unused sectors and is able to be restored.
How to restore? @Simpan_TV
Any other solution?
Afraid no other solution is known to my knowledge