CompTIA PenTest+ Certification Passport (Exam PT0-001) by Heather Linn

Author:Heather Linn
Language: eng
Format: epub
Publisher: McGraw-Hill Education
Published: 2020-03-10T16:00:00+00:00

The most common way of getting the process memory is with Mimikatz. Mimikatz needs either SYSTEM-level privilege on a target host or the debug privilege under an Administrator account. Mimikatz supports the LSASS process memory under a module known as sekurlsa. This module is specifically used for dealing with querying LSASS processes in memory and can be done either online or with an offline dump.

Cross-Reference

Mimikatz tool usage is shown in further detail in Objectives 4.2/4.3.

Here is an example of how Mimikatz might be used:

1. Load Mimikatz.

2. Run the privilege::debug command. This gives the account debug privileges for memory.

3. Set up a save file for dumped credentials: log c:\temp\mmk.log.

4. Dump the credentials: sekurlsa::logonpasswords.

5. If WDigest has been disabled and cleartext passwords have been patched out, only hashes appear on the screen.

6. Copy the resulting hashes to an offline password cracker to crack the hashes.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.