What is Mimikatz

Q. What is Mimikatz?

A. Mimikatz is an open-source utility that enables viewing credential information from the Windows Local Security Authority Subsystem Service (LSASS) through its sekurlsa module. This information includes plaintext passwords and Kerberos tickets, which could then be used for attacks such as pass-the-hash and pass-the-ticket. Most anti-virus tools will detect the presence of Mimikatz as a threat and delete it, but it can be interesting for testing security on systems.

It is available from https://github.com/gentilkiwi/mimikatz and I use it to demonstrate the absence of ticket information when using security features such as Remote Credential Guard.

Below is an example execution to look for passwords on a system.

privilege::debug
Sekurlsa::logonpasswords
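
For defenders, the two commands above make a simple detection signal when they show up in logged process command lines. The following is an added example, not part of the original answer or of the Mimikatz project: it triages process-creation records for those commands. The record fields (host, image, command_line), the function names and the sample events are assumptions constructed for illustration, and it covers only commands that appear in a logged command line.

```python
import re

# Commands have the form module::command. Matching is case-insensitive
# because the page writes the module both as "sekurlsa" and "Sekurlsa".
MODULE_CMD = re.compile(r'\b([a-z_]+)::([a-z_]+)\b', re.IGNORECASE)

# The two commands shown on the page. Both in one command line is a
# stronger signal than either one alone.
WATCHED = {("privilege", "debug"), ("sekurlsa", "logonpasswords")}


def score_command_line(cmdline):
    """Return the sorted watched commands found in one command line."""
    found = {(m.lower(), c.lower()) for m, c in MODULE_CMD.findall(cmdline)}
    return sorted("::".join(pair) for pair in found & WATCHED)


def triage(events):
    """Return (host, image, hits, severity) for each event with a hit.

    The rule keys on command tokens, not on the image name, so it does
    not depend on what the executable is called.
    """
    results = []
    for ev in events:
        hits = score_command_line(ev["command_line"])
        if not hits:
            continue
        severity = "high" if len(hits) == len(WATCHED) else "medium"
        results.append((ev["host"], ev["image"], hits, severity))
    return results


# Constructed sample process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"host": "WS01", "image": r"C:\Temp\mimikatz.exe",
     "command_line": r'mimikatz.exe "privilege::debug" "Sekurlsa::logonpasswords" exit'},
    {"host": "WS02", "image": r"C:\Users\Public\svc.exe",
     "command_line": r'svc.exe SEKURLSA::LogonPasswords'},
    {"host": "WS03", "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'cmd.exe /c dir C:\Users'},
    {"host": "WS04", "image": r"C:\Tools\build.exe",
     "command_line": r'build.exe --define std::vector'},  # unrelated "::" token
]

if __name__ == "__main__":
    for row in triage(SAMPLE_EVENTS):
        print(row)
```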
