Overview

<aside> 💡

Mimikatz is highly detectable by antivirus software. Use it only if the antivirus is disabled, bypassed, or the attack is heavily obfuscated.

</aside>

Transferring Files to the Target Machine

https://github.com/gentilkiwi/mimikatz


Step 1: Download and Prepare the Files

  1. Go to the GitHub Releases page and download the latest ZIP file, ignoring any browser warnings.
  2. Extract the ZIP file to access the necessary files.

<aside> 💡

Log in to the local admin account (peterparker), not the domain user account (pparker).

Why?

</aside>

Step 2: Transfer Files to the Target Machine

If the target does not have writable SMB shares, use an HTTP server:

python3 -m http.server 80

Then, on the target machine, open a web browser and enter the attacker's IP address. Download the required files manually; in the browser's download warning, select ... > Keep > Show more > Keep anyway.
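
From the defender's side, the transfer in Step 2 leaves a recognizable trace in web proxy logs: a cleartext request to a bare IP address, answered with the `SimpleHTTP/` Server banner that Python's http.server sends, for an archive or binary. The following check is an added example, not part of the original notes; the JSON field names, the extension list and the sample records are constructed assumptions.

```python
import ipaddress
import json
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed sample proxy records (JSON lines); field names are assumptions.
SAMPLE_LOG = """\
{"client":"10.0.5.23","url":"http://192.0.2.44/","server":"SimpleHTTP/0.6 Python/3.11.2","status":200}
{"client":"10.0.5.23","url":"http://192.0.2.44/release.zip","server":"SimpleHTTP/0.6 Python/3.11.2","status":200}
{"client":"10.0.5.31","url":"https://updates.example.com/agent.msi","server":"nginx","status":200}
{"client":"10.0.5.40","url":"http://198.51.100.7/tool.exe","server":"Apache","status":404}
{"client":"10.0.5.40","url":"http://198.51.100.7/setup.exe","server":"Apache","status":200}
"""

RISKY_EXT = {".zip", ".7z", ".exe", ".dll", ".sys", ".ps1"}

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def signals(rec):
    """Return the names of the suspicious traits one proxy record shows."""
    url = urlsplit(rec["url"])
    hits = []
    if url.scheme == "http":
        hits.append("cleartext-http")
    if is_ip_literal(url.hostname or ""):
        hits.append("ip-literal-host")
    if rec.get("server", "").startswith("SimpleHTTP/"):
        hits.append("python-http.server-banner")
    if PurePosixPath(url.path).suffix.lower() in RISKY_EXT:
        hits.append("archive-or-binary")
    return hits

def flag_downloads(log_text, min_signals=3):
    """Alert on successful archive/binary downloads with enough signals."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = json.loads(line)
        hits = signals(rec)
        if rec.get("status") == 200 and "archive-or-binary" in hits and len(hits) >= min_signals:
            alerts.append((rec["client"], rec["url"], hits))
    return alerts

if __name__ == "__main__":
    for client, url, hits in flag_downloads(SAMPLE_LOG):
        print(client, url, ",".join(hits))
```

Raising `min_signals` to 4 restricts alerts to downloads that also carry the http.server banner, which cuts noise from legitimate internal hosts addressed by IP.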