LinikatzV2 – Unveiling UNIX Secrets in Active Directory Environments

LinikatzV2 is a bash script based on the Linikatz tool developed by time-machine (link). It allows post-exploitation tasks on UNIX computers joined to Active Directory, using various methods for credential mining.

This tool needs root privileges to be run on the host system.

It allows extraction of :

Hashed stored in files for offline connection (SHA-512 format)
Kerberos tickets (user & machine)
Clear passwords in RAM
NTLM machine hash
AES-128 & AES-256 machine keys

Optional :

Configuration files (SSSD, VAS, etc)

Some of these actions may not produce results. Typically, the presence of hashes and clears in RAM depends on a user’s connection to the UNIX system.

Usage

$ sudo ./linikatzV2.sh

Various options are available :

-c | –conf-files : Dumps configuration files.
–hash-output=file.txt : Allows you to choose the name of the output file containing the hashes.
-n | -no-file : Removes the process dump files, etc.
-k | –kerberos-tickets : Create a copy of the Kerberos tickets found.

Moonwalk : Cover Your Tracks During Linux Exploitation By Leaving Zero Traces

June 20, 2022

In "Kali Linux"

NewMachineAccount : Streamlining Active Directory Machine Account Creation For Penetration Testing

February 28, 2025

In "Exploitation Tools"

Stifle : A Post-Exploitation Tool For Explicit Certificate Mapping In Active Directory

February 18, 2025

In "Exploitation Tools"

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.