mimikatz
Mimikatz uses administrative rights on Windows to display the passwords of currently logged-in users in plaintext. It is a post-exploitation tool for extracting credentials from Windows systems.
Description
Mimikatz is a powerful tool designed to extract passwords and credentials from Windows systems when administrative privileges are available. It targets memory and system structures to reveal plaintext passwords of logged-in users, making it invaluable for penetration testing and red team operations.
Use cases include post-exploitation scenarios where testers need to escalate access or move laterally within a Windows environment. The tool is particularly effective against LSASS processes and other credential stores, enabling techniques like pass-the-hash or over-pass-the-hash.
The Kali Linux package provides both 32-bit and 64-bit binaries, along with supporting drivers and libraries, all located in /usr/share/windows-resources/mimikatz. It requires admin rights to function on target Windows machines.
How It Works
Mimikatz leverages Windows administrative privileges to access memory dumps from processes like LSASS, extracting plaintext passwords, NTLM hashes, Kerberos tickets, and other credentials. It employs techniques such as injecting into processes, using minidump drivers (mimidrv.sys), and interacting with spooler services via DLLs like mimispool.dll to bypass protections and retrieve secrets directly from memory.
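Because the technique above depends on opening lsass.exe and reading its memory, the defender-side check is to watch for exactly that. The following is an added detection sketch, not code from the page, from Kali or from the mimikatz project. It assumes Sysmon ProcessAccess records (Event ID 10) have been flattened into a key=value form (a constructed layout, not Sysmon's XML), and the allow-list of processes that legitimately open lsass.exe, the sample paths and the GrantedAccess values are all constructed for illustration and must be tuned per environment.

```python
"""Detection sketch: flag processes reading lsass.exe memory from Sysmon
ProcessAccess (Event ID 10) records. Added example; layout and values are constructed."""
import re

# Access-mask bit for reading another process's memory (PROCESS_VM_READ, 0x0010).
# Credential-dumping tools need this right on lsass.exe; most benign callers do not.
PROCESS_VM_READ = 0x0010

# Assumed allow-list of processes that legitimately open lsass.exe on a host.
# This is an assumption for the example, not taken from the page; tune per environment.
ALLOWED_SOURCE_IMAGES = {
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\services.exe",
}

# Constructed sample records in a flattened key=value form (not real Sysmon XML).
SAMPLE_EVENTS = [
    r"EventID=10 SourceImage=C:\Windows\System32\wininit.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1410",
    r"EventID=10 SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1000",
    r"EventID=10 SourceImage=C:\Users\alice\Downloads\tool.exe TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010",
    r"EventID=10 SourceImage=C:\Users\alice\Downloads\tool.exe TargetImage=C:\Windows\explorer.exe GrantedAccess=0x1fffff",
    r"EventID=1 Image=C:\Windows\System32\cmd.exe CommandLine=cmd.exe /c whoami",
]

_FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Split a flattened record into a dict of field -> value."""
    return dict(_FIELD_RE.findall(line))


def is_suspicious_lsass_access(event):
    """True when a non-allow-listed process opened lsass.exe with memory-read rights."""
    if event.get("EventID") != "10":
        return False
    target = event.get("TargetImage", "").lower()
    if not target.endswith(r"\lsass.exe"):
        return False
    try:
        granted = int(event.get("GrantedAccess", "0"), 16)
    except ValueError:
        return False
    if not granted & PROCESS_VM_READ:
        return False
    return event.get("SourceImage", "").lower() not in ALLOWED_SOURCE_IMAGES


def scan_events(lines):
    """Return the SourceImage of every record that trips the rule."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if is_suspicious_lsass_access(event):
            hits.append(event["SourceImage"])
    return hits


if __name__ == "__main__":
    for image in scan_events(SAMPLE_EVENTS):
        print(f"ALERT: {image} opened lsass.exe with memory-read access")
```

Running the block against the constructed records flags only the unknown binary under a user profile; the system process on the allow-list and the caller that requested only query rights (no PROCESS_VM_READ bit) pass. A rule keyed on this single bit is deliberately broad, so in practice the allow-list carries the load: endpoint security agents and some backup or monitoring software read lsass.exe legitimately and must be enumerated before the rule is useful.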
Installation
sudo apt install mimikatz
Flags
Examples
mimikatz -h
mimikatz.exe
./Win32/mimikatz.exe
./x64/mimikatz.exe
mimikatz 'sekurlsa::logonpasswords'
mimikatz 'privilege::debug' 'sekurlsa::pth'