Mimikatz - ConnorEast/Tech-Journal GitHub Wiki

Mimikatz Documentation write up.

---

Setup:

Step 1: Disable windows firewall.
Step 2: Download Mimikatz
Step 3: Unzip Mimikatz and run the 64 bit version as Admin.

---

Commands:

Command 1: "sekurlsa::logonpasswords"

This command lists all of the recent login data stored in the memory of LSASS. This includes the users name, domain, When the login occurred, and the NTLM and Sha1 codes. If it's available it will also show you the plaintext password. NTLM and SHA1 codes can be used in pass-the-hash attacks or to perform Lateral Movement

Command 2: “lsadump::lsa /inject”

This command dumps content from the SAM (Security Access Manager) database which gets its information from the LSA (Local Security Authority). Once the SAM confirms the users Identity the LSA will issue them a token stating user and group permission SIDs.

Command 3: ""