Pulling plaintext passwords with mimikatz
Now that we have a meterpreter, we can use it to dump passwords from the memory. Mimikatz is a great tool for this. It tries and dumps the password from the memory. As defined by the creator of mimikatz himself:
"It is made in C and considered as some experiments with Windows security" It's now well known to extract plaintexts passwords, hash, and PIN code and kerberos tickets from memory. Mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets."
How to do it…
Following are the steps to use mimikatz:Â
- Once we have the meterpreter and system privileges, we load up mimikatz using this command:
load mimikatz
- To view all the options, we type this command:
help mimikatz- Now in order to retrieve passwords from the memory, we use the built-in command of Metasploit:
msv
- We can see that the NTLM hashes are shown on the screen. To view Kerberos credentials, we type this:
kerberos
If there were any credentials, they would...
