Mimikatz

A tool built by @gentilkiwi to learn C and Windows security. It is now well known for the fact that plaintext credentials, PINs, and Kerberos tickets can be extracted from memory. A few examples of its use are given below.

A requirement is to first elevate privileges to Administrator or SYSTEM.

Windows has added more security to the OS, so plaintext credentials are now a little more difficult to obtain, but we can still grab the LM hash from the OS and crack it offline, or use the pass-the-hash (PTH) technique within mimikatz or other tools.

Attackers can take advantage of Administrator permissions to re-enable WDigest credential caching, which allows cleartext credentials to be grabbed again:

reg add HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest /v UseLogonCredential /t REG_DWORD /d 1

This allows cleartext credentials to be gathered once a user authenticates again, as demonstrated below.
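From the defender's side, the same registry value is the thing to audit. The following PowerShell function is an added example and is not part of the original page or of the mimikatz project; the function name and its -Remediate switch are this example's own. It reads the WDigest UseLogonCredential value shown above, reports whether the host is in the risky state (value 1), and optionally sets it back to 0. It assumes an elevated session, since HKLM is being written.

```powershell
# Added example (not from the original page): audit and, optionally, remediate the
# WDigest UseLogonCredential setting that lets cleartext credentials be cached.
# Run in an elevated PowerShell session (writing under HKLM needs Administrator).
function Test-WDigestCaching {
    [CmdletBinding()]
    param(
        # Hypothetical switch for this example: set the value to 0 when it is found to be 1.
        [switch]$Remediate
    )

    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $name = 'UseLogonCredential'

    # Read the value; a missing value is reported as $null rather than as an error.
    $item  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    $value = if ($null -eq $item) { $null } else { $item.$name }

    $result = [PSCustomObject]@{
        ComputerName = $env:COMPUTERNAME
        Key          = $key
        Name         = $name
        Value        = $value
        # 1 means WDigest keeps cleartext logon credentials in LSASS memory.
        Risky        = ($value -eq 1)
        Action       = 'none'
    }

    if ($result.Risky -and $Remediate) {
        # 0 is the hardened setting; it applies to logons that happen after the change,
        # so sessions already on the host may still hold cached cleartext until re-logon.
        Set-ItemProperty -Path $key -Name $name -Type DWord -Value 0
        $result.Action = 'UseLogonCredential set to 0'
    }

    return $result
}

# Usage (report only, then remediate):
#   Test-WDigestCaching | Format-List
#   Test-WDigestCaching -Remediate | Format-List
```

A $null result means the value is absent; on Windows 8.1 / Server 2012 R2 and later that is the default and WDigest caching is off, so only an explicit 1 is flagged as risky here. Because the attacker step on this page is a single registry write, a change-monitoring rule on this key (for example a registry value-set event forwarded to your SIEM) is the natural detection to pair with this check.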
