Mimikatz Use Tutorial

How to use Mimikatz to perform various attacks on Windows.



Mimikatz is a collection of PowerShell scripts that allow you to perform various attacks against Windows systems. It was developed by Benjamin Delpy and released in 2013. Mimikatz is designed to be easy to use and does not require any prior knowledge of PowerShell or scripting languages. In this tutorial, we will cover the following topics:

Attacks Mimikatz Can Do

Mimikatz can extract plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. Mimikatz can also perform pass-the-hash and pass-the-ticket attacks, or build Golden Tickets.
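As an added defender-side example (not part of this tutorial): credential extraction from memory means some process opens LSASS with memory-read rights, which Sysmon records as Event ID 10 (ProcessAccess). The script below scans constructed Sysmon-style records for that pattern; the allowlist of legitimate source images is an assumption and must be tuned per environment.

```python
# Added example: flag Sysmon Event ID 10 (ProcessAccess) records where a
# process opens lsass.exe with PROCESS_VM_READ, the access that credential
# dumpers such as Mimikatz need. Log lines below are constructed samples.
import re

PROCESS_VM_READ = 0x0010  # access right required to read another process's memory

# Source images that legitimately read LSASS (assumed; tune per environment).
ALLOWED_SOURCES = {
    r"c:\program files\windows defender\msmpeng.exe",
}

# Constructed Sysmon-style records, one event per line as key=value pairs.
SAMPLE_EVENTS = [
    r"EventID=10 SourceImage=C:\Users\bob\Downloads\mimikatz.exe "
    r"TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010",
    r"EventID=10 SourceImage=C:\Program Files\Windows Defender\MsMpEng.exe "
    r"TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1010",
    r"EventID=10 SourceImage=C:\Windows\System32\taskmgr.exe "
    r"TargetImage=C:\Windows\System32\lsass.exe GrantedAccess=0x1400",
    r"EventID=1 Image=C:\Windows\System32\notepad.exe CommandLine=notepad.exe",
]

# key=value pairs; values may contain spaces, so stop only before the next key
FIELD_RE = re.compile(r"(\w+)=(.+?)(?=\s\w+=|$)")


def parse_event(line):
    """Turn one key=value record into a dict."""
    return dict(FIELD_RE.findall(line))


def is_suspicious_lsass_access(event):
    """True for ProcessAccess events reading LSASS memory from a non-allowlisted image."""
    if event.get("EventID") != "10":
        return False
    if not event.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    granted = int(event.get("GrantedAccess", "0"), 16)
    if not granted & PROCESS_VM_READ:
        return False  # querying process info only; no memory read requested
    return event.get("SourceImage", "").lower() not in ALLOWED_SOURCES


def find_suspicious(lines):
    """Return the SourceImage of every event that warrants an alert."""
    events = (parse_event(line) for line in lines)
    return [e["SourceImage"] for e in events if is_suspicious_lsass_access(e)]


if __name__ == "__main__":
    for image in find_suspicious(SAMPLE_EVENTS):
        print("ALERT: LSASS memory read by", image)
```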

Installing Mimikatz

To install Mimikatz you will need to download it from its GitHub release page. WARNING: Modern browsers like Chrome, Brave and Firefox will most likely block it. To download it, press CTRL+J on your Windows machine and click on "Keep dangerous file". After you've downloaded the .7z or .zip archive, extract it.

What Mimikatz Can Do

Mimikatz allows you to perform various types of attacks against Windows systems, including:

  • User impersonation attacks
  • Password attacks
  • Privilege escalation attacks
  • Session hijacking attacks

Here are some examples of attacks that you can perform using Mimikatz:

Impersonate another user on the same machine

sekurlsa::digestsdump

This command executes the sekurlsa::digestsdump command, which digs up SHA-1 hashes of all currently running processes. This command can be used to determine what other users are doing on the same machine.

Bypass UAC prompts

advapi32::processcreate

This command executes the advapi32::processcreate command, which creates a new process without displaying any UI. This command can be used to create a new instance of Notepad and run it silently in the background.

Escape from Sysinternals PsExec

regedit::hkey_current_userSysnativePsexec

This command executes the regedit::hkey_current_userSysnativePsexec command, which modifies the HKCU registry key that contains the path to the PsExec tool. By changing this value, you can prevent PsExec from opening a command prompt when executed. The output is then piped to the Out-String function, which formats it as a string.