mimiDbg: retrieve WDigest passwords from memory
MimiDbg is a PowerShell one-liner that leverages the Microsoft tool “DbgShell”. DbgShell is a PowerShell front-end for the Windows debugger engine. You can find DbgShell here
MimiDbg uses the PowerMemory concept to retrieve WDigest passwords from memory.
Supported operating systems
Currently, I tested the one-liner against:
Windows 2012R2 – 64-bit
Windows 2016 – 64-bit
How to use it?
- Download the project.
- Unzip it in c:\temp.
- Open a command prompt.
- Type: cd c:\temp\DbgShell\x64
- Run the following one-liner:
It has been on my mind for a long time (since the DbgShell announcement). The project is still pretty new. However, it can demonstrate what can be accomplished.
Look here for more information about Credential Guard
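A defender-side check of the settings that decide whether WDigest secrets sit in memory, as an added example that is not part of the original post or of the mimiDbg project. The function name `Get-WDigestExposure` is hypothetical; the `UseLogonCredential` registry value and the `Win32_DeviceGuard` class are standard Windows names that the page itself does not mention.

```powershell
# Added example (not from the original post). Read-only audit; run elevated.
function Get-WDigestExposure {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # UseLogonCredential = 1 makes WDigest keep cleartext credentials in LSASS
    # memory; 0 disables it. When the value is absent, Windows 8.1 /
    # Server 2012 R2 (version 6.3) and later default to not caching.
    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $useLogon = (Get-ItemProperty -Path $wdigestKey -Name UseLogonCredential `
                    -ErrorAction SilentlyContinue).UseLogonCredential

    if ($null -ne $useLogon) {
        $cleartextCached = ($useLogon -eq 1)
        $source = 'registry value'
    } else {
        $cleartextCached = ([version]$os.Version -lt [version]'6.3')
        $source = 'OS default (value not set)'
    }

    # Credential Guard: SecurityServicesRunning contains 1 when it is running.
    # The namespace does not exist on older systems, so errors are suppressed.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
              -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $credGuard = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        OperatingSystem        = $os.Caption
        UseLogonCredential     = if ($null -ne $useLogon) { $useLogon } else { 'not set' }
        WDigestCleartextCached = $cleartextCached
        DecidedBy              = $source
        CredentialGuardRunning = $credGuard
    }
}

$result = Get-WDigestExposure
$result | Format-List
if ($result.WDigestCleartextCached) {
    Write-Warning 'WDigest cleartext caching is on: set UseLogonCredential to 0 and investigate who enabled it.'
}
```

On the two systems listed above, a `UseLogonCredential` value of 1 is not the default, so finding it set is worth treating as a change to investigate.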