It's a tool used to view and steal credentials, generate Kerberos tickets and carry out attacks built on them. It dumps the credential store that lives in memory. Attacks it supports include credential dumping, pass the hash, over pass the hash, pass the ticket and golden ticket.

https://github.com/gentilkiwi/mimikatz

Windows Update might break or detect it, so be careful. An alternative is Invoke-Mimikatz. Download the zip, and specifically the already compiled release. This is a post exploitation technique, and in this case we assume that we have already compromised a Domain Controller.

Credential Dumping

So now let's go to the folder we have the program in using cmd. You can also refer to the wiki of the GitHub repo linked above to learn more. All we do is basically execute mimikatz.exe.

So first, after we execute mimikatz.exe, we run the command

privilege::debug

Basically this means that we now have the debug privilege, so we can now attach to and read a process which we previously didn't have access to. If we didn't have this enabled we wouldn't be able to bypass anything and conduct this attack.

Now let's run a few attacks against this.

sekurlsa::logonpasswords

This one will give us a lot of details. When we run it on a regular computer we get the credentials of everyone who has logged in to this computer since the last reboot, because all of these are stored in memory.

(Screenshot of the sekurlsa::logonpasswords output: https://s3-us-west-2.amazonaws.com/secure.notion-static.com/9355651b-9de7-4a12-96fc-be9aec3f0d79/Untitled.png)

We will get something like this. It gives us NTLM hashes, which we can crack easily. We can also take advantage of the thing called WDigest. This was enabled by default on older Windows versions (around Windows 8 and earlier), and what it did was store your password in clear text, so if you are doing this on some old Windows machine maybe you will be lucky. The feature still exists on newer versions, it's just turned off by default, so with the help of mimikatz what we can do is turn it on, wait for someone to log in to the system, and get their password in clear text.
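From the defender's side, the two settings that decide how much of the above works are whether WDigest clear-text caching is on and whether LSASS is running as a protected process. The following audit script is an added example, not code from the page or from the mimikatz project; it assumes it is run in an elevated PowerShell on the host being checked, and the registry paths and value names it reads are the standard Windows ones.

```powershell
# Added example (not from the page or mimikatz): audit two LSA settings that
# govern how exposed the in-memory credential store is.
# Assumes an elevated PowerShell session on the host being audited.

$wdigestPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
$lsaPath     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

$useLogonCred = Get-RegDword -Path $wdigestPath -Name 'UseLogonCredential'
$runAsPpl     = Get-RegDword -Path $lsaPath     -Name 'RunAsPPL'

# WDigest: on Windows 8.1 / Server 2012 R2 and later the value is absent by
# default, which means "off" (no clear-text passwords kept in LSASS).
# A value of 1 re-enables clear-text caching, which is the change the notes
# above describe an attacker making. On older builds without the WDigest
# hardening update, absent means "on", so treat that case as exposed.
$osBuild = [System.Environment]::OSVersion.Version
$modernOs = ($osBuild.Major -gt 6) -or ($osBuild.Major -eq 6 -and $osBuild.Minor -ge 3)

if ($useLogonCred -eq 1) {
    Write-Warning "WDigest UseLogonCredential = 1: clear-text passwords are cached in LSASS."
} elseif ($null -eq $useLogonCred -and -not $modernOs) {
    Write-Warning "WDigest UseLogonCredential absent on a pre-8.1 build: clear-text caching is on by default."
} else {
    Write-Output "WDigest UseLogonCredential: $(if ($null -eq $useLogonCred) { 'absent (off)' } else { $useLogonCred })"
}

# LSA protection: RunAsPPL = 1 runs LSASS as a protected process, so holding
# the debug privilege alone is not enough to open it for memory reads.
if ($runAsPpl -eq 1) {
    Write-Output "LSA protection (RunAsPPL) is enabled."
} else {
    Write-Warning "LSA protection (RunAsPPL) is not enabled; LSASS memory is readable with the debug privilege."
}

# Remediation (left commented out so the audit is read-only):
# Set-ItemProperty -Path $wdigestPath -Name 'UseLogonCredential' -Value 0 -Type DWord
# Set-ItemProperty -Path $lsaPath     -Name 'RunAsPPL'           -Value 1 -Type DWord   # takes effect after reboot
```

Run it as part of a baseline check after a suspected compromise: a host where UseLogonCredential has changed from absent to 1 is a strong sign that someone has done exactly what the paragraph above describes, and the change itself is worth alerting on.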

The command to dump SAM hashes with mimikatz is →

lsadump::sam