LinikatzV2 – Unveiling UNIX Secrets in Active Directory Environments

LinikatzV2 is a bash script based on the Linikatz tool developed by time-machine (link). It allows post-exploitation tasks on UNIX computers joined to Active Directory, using various methods for credential mining.

This tool needs root privileges to be run on the host system.

It allows extraction of :

Hashed stored in files for offline connection (SHA-512 format)
Kerberos tickets (user & machine)
Clear passwords in RAM
NTLM machine hash
AES-128 & AES-256 machine keys

Optional :

Configuration files (SSSD, VAS, etc)

Some of these actions may not produce results. Typically, the presence of hashes and clears in RAM depends on a user’s connection to the UNIX system.

Usage

$ sudo ./linikatzV2.sh

Various options are available :

-c | –conf-files : Dumps configuration files.
–hash-output=file.txt : Allows you to choose the name of the output file containing the hashes.
-n | -no-file : Removes the process dump files, etc.
-k | –kerberos-tickets : Create a copy of the Kerberos tickets found.

Varshini

Tamil has a great interest in the fields of Cyber Security, OSINT, and CTF projects. Currently, he is deeply involved in researching and publishing various security tools with Kali Linux Tutorials, which is quite fascinating.