The Output
Running either the mimikatz binary or powershell equivalent Invoke-Mimikatz will give you output similar to the following:
Authentication Id : 0 ; 92831308 (00000000:05889d8c) Session : RemoteInteractive from 3 User Name : john.smith Domain : ACME SID : S-1-5-21-2052118978-2816230894-3584936141-8335 msv : [00000003] Primary * Username : john.smith * Domain : ACME * NTLM : 1acd1a77416c50969d66867cd1e27e91 * SHA1 : fc1a13cdf5e6d8da249812b320764fbaac0cb1bb [00010000] CredentialKeys * NTLM : 1acd1a77416c50969d66867cd1e27e91 * SHA1 : fc1a13cdf5e6d8da249812b320764fbaac0cb1bb tspkg : wdigest : * Username : john.smith * Domain : ACME * Password : Myl0ngs3cretP@ssword kerberos : * Username : john.smith * Domain : ACME.mycompany * Password : (null) ssp : credman :In most situations you'll often just want to know the users and passwords however this is hidden among a whole load of other output. Now we could go and patch the mimikatz code or we could use a cheeky one-liner...
I Love A One-Liner
My goal was to obtain a list of all usernames with domains and passwords from a set of mimikatz output files. This is simple to do with the following one-liner:
cat *|tr -d '\011\015' |awk '/Username/ { user=$0; getline; domain=$0; getline; print user " " domain " " $0}'|grep -v "* LM\|* NTLM\|Microsoft_OC1\|* Password : (null)"|awk '{if (length($12)>2) print $8 "\\" $4 ":" $12}'|sort -u
Parsing the example above you get the following:
ACME\john.smith:Myl0ngP@ssword jira.acme.com\john.smith@acme.com:Myj1raP@ssword
Hows it work?
I modified the one-liner to also output just the usernames and passwords without the domain:
- I start by outputting all files in the current directory and removing carriage return characters as these seemed to break awk. I also remove tab characters to clean up the output.
- Next up I used awk to effectively put the username, domain and password all on the same line. This makes greppping, cutting or more awking easier.
- I used grep to remove lines I didn't care about. For example NTLM hashes and null passwords.
- I then did a final awk to remove hex string passwords. I'm not sure how/why mimikatz generates this output, if anyone knows please leave a comment! :)
- And finally I sorted and uniqued the list.
I modified the one-liner to also output just the usernames and passwords without the domain:
cat *|tr -d '\011\015' |awk '/Username/ { user=$0; getline; getline; print user " " $0}'|grep -v "* LM\|* NTLM\|Microsoft_OC1\|* Password : (null)"|awk '{if (length($8)>2) print $4 ":" $8}'|sort -u
john.smith:Myl0ngP@ssword john.smith@acme.com:Myj1raP@sswordAnd also output usernames and NTLM hashes ready for use with pth-winexe:
cat *|tr -d '\011\015' |awk '/Username/ { user=$0; getline; domain=$0; getline; print user " " domain " " $0}'|grep -v "* LM\|* Password\|Microsoft_OC1"|awk '{if (length($12)>2) print $8 "/" $4 "%aad3b435b51404eeaad3b435b51404ee:" $12}'|sort -u
ACME/john.smith%aad3b435b51404eeaad3b435b51404ee:1acd1a77416c50969d66867cd1e27e91If you want a different output format just modify the final print statement.
Final Thoughts
Mimikatz is such an awesome tool unfortunately the default output is not that user/grep friendly. Luckily with a simple one-liner we can easily work the output into something more useful. As mentioned in my smb-share enumeration post, don't be afraid to jump in and learn some grep/awk/sed, these tools can speed up data analysis massively!
Hopefully this post has been useful, if you have any suggestions for improvements or better ways to get usable output then leave a comment below.
Pwndizzle out.
Try to take a look at these advices if you want to be a nursing school student. It will help you to achieve success
ReplyDeleteThis blog is so interesting and impressive
ReplyDeleteclipping path service|Photo Retouching services|Vector Tracing
Nice blog. I would like to share it with my friends. I hope you will continue your works like this. Keep up the excellent work. You have a magical talent of holding readers mind. It is something special which cant be given to everyone.
ReplyDeleteIn today's digital world secure your systems from cyber attacks by using McAfee antivirus. Visit: mcafee.com/activate
Could you please write at least a few words in English? I can't get this stupid code. I am not a programmer, I just need to finish my computer science essay that's all. I need some additionalinfo to make a conclusion.
ReplyDeleteWe support all types of HP printer troubleshooting and service. Just enter the model number of your printer in 123.hp.com/setup to identify the software and drivers your printer requires. Download and install it in your mac and 'Run' the file. The process is easy however if you have any doubts or queries regarding HP printers contact us.
ReplyDeleteBest Buy Appointment |
ReplyDeleteGeek Squad Appointment Scheduling |
Best Buy Geek Squad Appointment Schedule |
BestBuy.com Appointments |
Geek Squad Appointments At Best Buy |
Make An Appointment With The Geek Squad |
Schedule Geek Squad Appointment |le
AllHomeworkHelp
ReplyDeletePR homework help
math homework help
With the help of our lord mentors, understudies present the assignments in the offered time and can show hints of progress grades without barely lifting a finger.
I really happy found this website eventually. Really informative and inoperative, Thanks for the post and effort! Please keep sharing more such blog.
ReplyDeletevisit@-
mcafee.com/activate |
mcafee.com/activate |
webroot support number |
office.com/setup
We are a free help giving body, enabling you to get to our telephonic administrations. At the point when your HP Printer makes inconvenience for you, dial HP Printer Support Toll-Free number USA. Our help administrations are very savvy. We stay open 24 hours every day and 7 days per week. We are never off helping you. We manage our clients over the telephone as it were.
ReplyDeleteHP Support
I found this is an informative blog and also very useful and knowledgeable. I would like to thank you for the efforts you have made in writing this blog norton.com/setup
ReplyDeletewww.norton.com/setup
Now a day Tech Support is everyone's requirement for their Devices as a laptop, Printer, Pc, ….etc. Among then if you required HP Printer Installation Setup steps in a simple way by the expert call our Toll-Free Number for more details.
ReplyDeleteCan I Setup HP Officejet Pro 8710 Printer
Fix Computer Applications are Running too Slow
Thanks for sharing this post with us.
ReplyDeleteResolve HP Envy Photo 7155 Printer is Printing Blank Pages
Can I Fix Asus laptop wireless internet is not Working
www.canon.com/ijsetup
ReplyDeletewww.norton.com/setup
solutions.brother.com/windows
Malwarebytes unable to connect to service
virus alert from Microsoft this computer is blocked
avast virus definitions won't update
canon.com/ijsetup
ReplyDeleteepson connect printer setup utility
www.avg.com/retail
how to install Norton antivirus on Windows 10
how do i reinstall norton 360 without disc
support.brother.com/windows
Canon printer drivers for chromebook
This is one of the best articles I have ever read all information is very useful for me I would love to read this article and subscribe to it. Thank you for sharing this with us. I also want to share some useful links here. www.office.com/setup, Office product key, office.com/setup
ReplyDeleteGreat i Love the article most
ReplyDeleteHindi News
Hindi Sad Shayari
Wordpress in hindi
South Indian Hindi Dubbed Movies
The third hacker full movie
KGF chapter 2
Geek Squad became extremely successful with this approach, and in 2002, the company became part of Best Buy. In 2004, Geek Squad was rolled out throughout the U.S. and Canada, eventually expanding beyond its computer tech origins to help out with everything from appliance repairs to car, home theater and smart home installations.
ReplyDeleteFor more information visit site :- Geek Squad tech support
Geek Squad appointment
Chase Verify Card – Chase bank Credit Card clients can confirm and activate online at chase.com. In the event that you have just applied for a Credit Card of Chase Bank, you ought to activate it by confirming it online at Bank's authentic site is www.chase.com. On the off chance that you "How would I enact my interest Credit Card?" Are searching for. So read the cycle beneath to confirm the card, at that point activate it.
ReplyDeleteRead More…
printer in error state
ReplyDeleteprinter is in error state
canon printer error
printing in error state
printing in error state
canon printer reset tool
reset canon printer
Is this the proper coding to get an e-mail to the "de" server system or is there a different designation that I need to use from the USA?https://hotmailgermany.wordpress.com/2021/02/03/hotmail-anmeldung-login-www-hotmail-com/
ReplyDeleteThanks for sharing this information and keep updating us with valuable content.
ReplyDeleteIf you have any issues related to QuickBooks likes
QuickBooks Desktop Installation Errors | QuickBooks Online Error Code 101 | QuickBooks Error Code C=44 or other issues then visit here to resolve your issues.
Dear admin your blog is very impressive with awesome content all information is very informative and I have gained So much useful information from your article. You are doing great work keep it up and all the best for upcoming comments. I have some useful links to share here. mcafee.com/activate, www.mcafee.com/activate, mcafee activation code, mcafee.com/activate
ReplyDeleteWe provide the solution for more common issues or letting the customer know that a higher level of support member will get back to them as soon as possible. Our customer service representatives can help you offer true tech support rather than routing them to a third party that bills for their services.Your information provided is solely used by the Geek squad for the repair of your computer. We will not sell your information to any other party. Geek squad ensures you that your data is in safe hands. We provide a fully safe and secure service to our client.
ReplyDeleteGeek Squad Appointment
Geek Squad Support
Amazing Information. Thanks for sharing with us. Keep sharing again.
ReplyDeleteAkshi Engineers is one of the best turnkey solution for hot rolling mill manufacturers in India. We provide equipment, products and consulting services for Rolling Mill Manufacturers. With minimal investment, we can provide a solution for the rolling mill manufacturer that meets customer needs. We also provide consulting services for steel making process research and development.
www.canon.com/ijsetup
ReplyDeletewww.canon.com/ijsetup
www.canon.com/ijsetup
www.canon.com/ijsetup
www.canon.com/ijsetup
www.canon.com/ijsetup
www.canon.com/ijsetup
www.canon.com/ijsetup
solutions.brother.com/windows
ReplyDeletesolutions.brother.com/windows
solutions.brother.com/windows
solutions.brother.com/windows
solutions.brother.com/windows
Accurate Infosoft is the top cloud migration service providers in USA , Basically Cloud migration is commonly used to move the user’s data from traditional storage devices like an on-premises storage to the cloud storage. The Cloud- which is also known as ‘cloud computing’ also refers to a type of computer services accessed over the internet.
ReplyDeleteMany times it is seen that people even sell their property such as putting their entire life savings and even selling off their jewelry and costly ornaments to win big in the Indian matka. In most such cases they end up losing up everything and even adapting to a poorer lifestyle such as the regular use of alcohol and drugs in excessive amounts to get rid of the tension and immense stress of losing out their entire fortune in just a couple of seconds.
ReplyDeleteThe chances of winning big are the same as the chances of losing big. You need to consider the fact there are two facets to the DPboss matka. And understanding the rules of the matka will help you to bet on the numbers better.
Accurate Infosoft Provide sql backup recovery solution in usa. It Structured Query Language which provides support to create a snapshot from SQL server with the help of a Volume Shadow copy Service (VSS). And A VSS compliant (SQL writer) is used to enable a third-party backup application to use the framework that can be used to backup files. Our firm provides SQL servers to keep all your personal as well as commercial information safe and sound.
ReplyDeleteThe brother printer in error state issue is one of the normal error that by and large happens on the Brother printer. Brother printer in error state It's anything but vital that assuming your printer is old, just you will get such errors, you can normally confront this error regardless of whether you have used the devices for once. The fundamental highlight comprehend is that it doesn't imply that your Brother printer is anything but a solid one. The Brother printer is internationally used across a huge number of user. there are numerous users who wish to print in HD quality, with highlights like quick network, easy to use on the brother printer. In the advanced world, there are numerous user who need machines that as skilled to accomplish effective work with overseeing time.
ReplyDeleteNice Post,
ReplyDeleteConfused about what career to choose, you can go for some Career Selection then take the help of Dr. Vinay Bajrangi to choose the right career selection.
Best Hospital management software in usa. It including Hospital billing, Hospital appointments, Hospital scheduling, Hospital regulatory compliance and Hospital financial auditing within healthcare management software by Accurate Infosoft
ReplyDeleteGreat Post. Thanks for sharing.
ReplyDeleteConsult with best career astrologers for the best career astrology prediction
Amazing post. Thanks for letting us.
ReplyDeleteConnect with top astrologer in Canada for best astrology predictions.
We all know what salesforce is and how it helps to build a company's foundation stronger. This article would be perfect if you are hearing about Salesforce for the first time or if you are yet confused in introducing Salesforce to your company. So let's start from the basics... salesforce online training
ReplyDeleteNice blog
ReplyDeleteIt’s always good to keep a watch on your Daily Horoscope and it's better way to plan your day. You can follow the Free Daily Horoscope from a good astrology website
I was always hard for me to deal with excel assignments. That's why I prefer excel experts for hire who can deal with all tasks professionally.
ReplyDeleteHi,
ReplyDeleteIf you face any issue relate Water damage repair then contact to us resolve this.
Hi,
ReplyDeleteIf you face any issue relate Electrician Redlands then contact to us resolve this.
In that case, you’ll need to cut out these water-damaged sections as soon as possible. When assessing how to repair ceiling Drywall Water Damage when it’s wet and sagging
ReplyDeletekya aap islamic information zero to hero sikhna chahte hai to namazquran.com website ke sath jude jao waha pe apko daily new post islamic knowledge ka milega.
ReplyDeleteThis is my first time to see exactly what I wanted on one site. Amazing.
ReplyDeleteRead Kundli in Hindi from our site.
happy-eid-milad-un-nabi-images
ReplyDeleteeid-milad-un-nabi-2021-images
Aaqa-Ka-Milad-Aaya-Lyrics
Eid-Milad-Un-Nabi-Mubarak-Images
Eid-Milad-Un-Nabi-Ki-Haqeeqat-In-Hindi
Eid-Milad-Un-Nabi-In-Quran
undefined
Astroyogi, The most trusted astrology app, offers live astrology consultation over a phone call or chat. On this app, you can connect with 2000+ India’s best astrologers. you can get all kinds of services like horoscope matching, Kundli matching, astrological remedies, and expert guidance from top professional astrologers.
ReplyDeleteThis post is very good I am very happy to see this post. Thanks for sharing such a great article. Keep up the work... your site is great, and it's helping us a lot.
ReplyDeleteIt really Great Article, Please Upload Daily Posts.
These Are My Aps Please Check Out.
Video Player App 😍
" Ad-Free Video Player"
Good Morning Images
The MetaMask app is both a wallet & a browser. Buy, send, spend & exchange your digital assets. Make payments to anyone, anywhere. Log into websites securely to trade assets, lend, borrow, play games, publish content, buy rare digital art, and so much more.
ReplyDeletemetamask login |
metamask wallet |
metamask wallet |
gemini login |
gemini login |
ReplyDeleteMetaMask is a best Crypto Wallet and your Gateway to Web3 Buy, store and send tokens globally Explore blockchain applications at lightening speed choose what to share and what to keep private.
metamask login | metamask wallet | metamask wallet | etoro login | etoro login |
Hi....
ReplyDeleteAssuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password".
You are also read more Get Personal Loan
robinhood login | robinhood login | crypto.com login | crypto.com login | metamask login |metamask login | metamask login
ReplyDeleteAren't you curious about whether you're meant to meet your true love or soulmate? What about that new special someone you just met? Do you want to know if there’s a future ahead for the two of you together? Then clear all your doubts by downloading the astroyogi app and and expert guidance from top professional online astrologer.
ReplyDeleteMy Assignment Help Now is a valuable source of getting experts’ help for academic papers. Connecting with the well-qualified professionals helps you to score top grades. Students who have no ideas about how to start their papers, they can search for our superior assignment help service to compose their documents.
ReplyDeleteThanks and keep sharing such valuable updates through your side. You can also visit:
ReplyDeleteCetak Spanduk Murah Jakarta
Tempat Print Murah Jakarta
I was looking for this type of information for a long time but through your post I got more information, thank you..
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThat is a very good tip especially to those fresh to the blogosphere. Short but very accurate info… Thanks for sharing this one. for More Details Click Here:- Change AOL Email Password
ReplyDeleteIndir APK
ReplyDeletePDF Anytime
The Naat Lyrics
Power of Islam
Choose Tech Special
khwaja garib nawaz urus mubarak
ReplyDeletekhwaja garib nawazchatti
syed baba tajuddin
ya syed ahmed jilani
labbaik ya rasool allah hu
This comment has been removed by the author.
ReplyDeleteFTX is a cryptocurrency derivatives exchange built by traders, for traders. They strive to build a platform powerful enough for professional trading firms and intuitive enough for first-time users. FTX supports quarterly and perpetual futures for all major cryptocurrencies, leveraged tokens, and OTC.
ReplyDeleteftx exchange |
Spookyswap |
coinspot login |
aol mail login
Impressive!Thanks for the post
ReplyDeleteBest Travel Agency in Madurai | Travels in Madurai
Madurai Travels | Best Travels in Madurai
Tours and Travels in Madurai | Best Tour Operators in Madurai
This is very good content you share on this blog. it's very informative and provide me future related information. thnaks For Sharing
ReplyDeleteWhen students hear the words accounting and finance, a sense of dread arises in their minds, owing to the high level of strain and stress associated with the same area of business. Help with finance assignment can make it easier. Apart from hard calculations, students must also employ inefficient phrases, which are disliked by the majority of people all over the world.
ReplyDeleteHi.....
ReplyDeleteAssuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password".
You are also read more cryptocurrency prices
This is a great post. I like this topic.This site has lots of advantage.I found many interesting things from this site. It helps me in many ways.Thanks for posting.
ReplyDeletepython internship | web development internship |internship for mechanical engineering students |mechanical engineering internships |java training in chennai |internship for 1st year engineering students |online internships for cse students |online internship for engineering students |internship for ece students|data science internships |
I also want to share a remarkable experience with you and my friend's children through a web blog.She knew the job, and it also includes what it is like for men and women to have a wonderful personality that is sufficiently subtle to understand the subject matter.The results exceeded readers' expectations.
ReplyDelete바카라사이트
토토
토토사이트
스포츠토토
안전놀이터
카지노사이트
Hey, Guys! I'mMinakshi Singh I hope you know just how incredibly unique you are in every single way. The way that you walk, the way that you smile, the way that you laugh... They all add up to one very amazing person. And guess what? That person is You! So, keep up the good work! The Universe Girl's Reminder to all the girls with beautiful heart : Kindly visit my site for more details www.minakshisingh.in
ReplyDeleteNice Post!!
ReplyDeletePlease look here at Fortune Teller Malaysia
Nice Post!!
ReplyDeletePlease look here at Psychic Reader in California
Thanks for sharing such helpful content on your site Relationship Counseling
ReplyDelete