mimikatz 2.2.0 20191125 releases: A little tool to play with Windows security
Mimikatz is an open-source tool written in C, launched in April 2014. It is very powerful: it can extract clear-text passwords, hashes, PIN codes, and Kerberos credentials from Windows system memory, and it supports pass-the-hash, pass-the-ticket, building Golden tickets, and other hacking techniques. It comes in two flavors, x64 or Win32, depending on your Windows version (32/64 bits).
The Win32 flavor cannot access 64-bit process memory (like lsass) but can open 32-bit minidumps under 64-bit Windows.
Some operations need administrator privileges or a SYSTEM token, so be aware of UAC from Windows Vista onward.
Used together with WinDbg, it can even read the system password credentials of a virtual machine.
- library mimilib
- driver mimidrv
Changelog v2.2.0 20191125
- New DPAPI stuff & crypto
- [new] dpapi::masterkey now supports SID with SYSTEM_DPAPI (for @dirkjanm services ;))
- [new] dpapi::cache filter non relevant SIDs
- [new] dpapi::cred now supports WinInet double DPAPI
- [new] dpapi::blob /raw for hex input
- [new] dpapi::blob /ascii to force ascii output (when not unicode data)
- [new] crypto:: & dpapi::cng key & certificates flags from current SDK (VSM)
- [new] sr98::nedap module (@iceman1001 <3)
- [new] lsadump::mbc to dump MachineBoundCertificate