The Output
Running either the mimikatz binary or powershell equivalent Invoke-Mimikatz will give you output similar to the following:
Authentication Id : 0 ; 92831308 (00000000:05889d8c) Session : RemoteInteractive from 3 User Name : john.smith Domain : ACME SID : S-1-5-21-2052118978-2816230894-3584936141-8335 msv : [00000003] Primary * Username : john.smith * Domain : ACME * NTLM : 1acd1a77416c50969d66867cd1e27e91 * SHA1 : fc1a13cdf5e6d8da249812b320764fbaac0cb1bb [00010000] CredentialKeys * NTLM : 1acd1a77416c50969d66867cd1e27e91 * SHA1 : fc1a13cdf5e6d8da249812b320764fbaac0cb1bb tspkg : wdigest : * Username : john.smith * Domain : ACME * Password : Myl0ngs3cretP@ssword kerberos : * Username : john.smith * Domain : ACME.mycompany * Password : (null) ssp : credman :In most situations you'll often just want to know the users and passwords however this is hidden among a whole load of other output. Now we could go and patch the mimikatz code or we could use a cheeky one-liner...
I Love A One-Liner
My goal was to obtain a list of all usernames with domains and passwords from a set of mimikatz output files. This is simple to do with the following one-liner:
cat *|tr -d '\011\015' |awk '/Username/ { user=$0; getline; domain=$0; getline; print user " " domain " " $0}'|grep -v "* LM\|* NTLM\|Microsoft_OC1\|* Password : (null)"|awk '{if (length($12)>2) print $8 "\\" $4 ":" $12}'|sort -u
Parsing the example above you get the following:
ACME\john.smith:Myl0ngP@ssword jira.acme.com\john.smith@acme.com:Myj1raP@ssword
Hows it work?
I modified the one-liner to also output just the usernames and passwords without the domain:
- I start by outputting all files in the current directory and removing carriage return characters as these seemed to break awk. I also remove tab characters to clean up the output.
- Next up I used awk to effectively put the username, domain and password all on the same line. This makes greppping, cutting or more awking easier.
- I used grep to remove lines I didn't care about. For example NTLM hashes and null passwords.
- I then did a final awk to remove hex string passwords. I'm not sure how/why mimikatz generates this output, if anyone knows please leave a comment! :)
- And finally I sorted and uniqued the list.
I modified the one-liner to also output just the usernames and passwords without the domain:
cat *|tr -d '\011\015' |awk '/Username/ { user=$0; getline; getline; print user " " $0}'|grep -v "* LM\|* NTLM\|Microsoft_OC1\|* Password : (null)"|awk '{if (length($8)>2) print $4 ":" $8}'|sort -u
john.smith:Myl0ngP@ssword john.smith@acme.com:Myj1raP@sswordAnd also output usernames and NTLM hashes ready for use with pth-winexe:
cat *|tr -d '\011\015' |awk '/Username/ { user=$0; getline; domain=$0; getline; print user " " domain " " $0}'|grep -v "* LM\|* Password\|Microsoft_OC1"|awk '{if (length($12)>2) print $8 "/" $4 "%aad3b435b51404eeaad3b435b51404ee:" $12}'|sort -u
ACME/john.smith%aad3b435b51404eeaad3b435b51404ee:1acd1a77416c50969d66867cd1e27e91If you want a different output format just modify the final print statement.
Final Thoughts
Mimikatz is such an awesome tool unfortunately the default output is not that user/grep friendly. Luckily with a simple one-liner we can easily work the output into something more useful. As mentioned in my smb-share enumeration post, don't be afraid to jump in and learn some grep/awk/sed, these tools can speed up data analysis massively!
Hopefully this post has been useful, if you have any suggestions for improvements or better ways to get usable output then leave a comment below.
Pwndizzle out.
Try to take a look at these advices if you want to be a nursing school student. It will help you to achieve success
ReplyDeleteThis blog is so interesting and impressive
ReplyDeleteclipping path service|Photo Retouching services|Vector Tracing
Could you please write at least a few words in English? I can't get this stupid code. I am not a programmer, I just need to finish my computer science essay that's all. I need some additionalinfo to make a conclusion.
ReplyDeleteAllHomeworkHelp
ReplyDeletePR homework help
math homework help
With the help of our lord mentors, understudies present the assignments in the offered time and can show hints of progress grades without barely lifting a finger.
We are a free help giving body, enabling you to get to our telephonic administrations. At the point when your HP Printer makes inconvenience for you, dial HP Printer Support Toll-Free number USA. Our help administrations are very savvy. We stay open 24 hours every day and 7 days per week. We are never off helping you. We manage our clients over the telephone as it were.
ReplyDeleteHP Support
printer in error state
ReplyDeleteprinter is in error state
canon printer error
printing in error state
printing in error state
canon printer reset tool
reset canon printer
Is this the proper coding to get an e-mail to the "de" server system or is there a different designation that I need to use from the USA?https://hotmailgermany.wordpress.com/2021/02/03/hotmail-anmeldung-login-www-hotmail-com/
ReplyDeleteThanks for sharing this information and keep updating us with valuable content.
ReplyDeleteIf you have any issues related to QuickBooks likes
QuickBooks Desktop Installation Errors | QuickBooks Online Error Code 101 | QuickBooks Error Code C=44 or other issues then visit here to resolve your issues.
Accurate Infosoft is the top cloud migration service providers in USA , Basically Cloud migration is commonly used to move the user’s data from traditional storage devices like an on-premises storage to the cloud storage. The Cloud- which is also known as ‘cloud computing’ also refers to a type of computer services accessed over the internet.
ReplyDeleteAccurate Infosoft Provide sql backup recovery solution in usa. It Structured Query Language which provides support to create a snapshot from SQL server with the help of a Volume Shadow copy Service (VSS). And A VSS compliant (SQL writer) is used to enable a third-party backup application to use the framework that can be used to backup files. Our firm provides SQL servers to keep all your personal as well as commercial information safe and sound.
ReplyDeleteNice Post,
ReplyDeleteConfused about what career to choose, you can go for some Career Selection then take the help of Dr. Vinay Bajrangi to choose the right career selection.
Best Hospital management software in usa. It including Hospital billing, Hospital appointments, Hospital scheduling, Hospital regulatory compliance and Hospital financial auditing within healthcare management software by Accurate Infosoft
ReplyDeleteGreat Post. Thanks for sharing.
ReplyDeleteConsult with best career astrologers for the best career astrology prediction
Amazing post. Thanks for letting us.
ReplyDeleteConnect with top astrologer in Canada for best astrology predictions.
We all know what salesforce is and how it helps to build a company's foundation stronger. This article would be perfect if you are hearing about Salesforce for the first time or if you are yet confused in introducing Salesforce to your company. So let's start from the basics... salesforce online training
ReplyDeleteNice blog
ReplyDeleteIt’s always good to keep a watch on your Daily Horoscope and it's better way to plan your day. You can follow the Free Daily Horoscope from a good astrology website
I was always hard for me to deal with excel assignments. That's why I prefer excel experts for hire who can deal with all tasks professionally.
ReplyDeleteHi,
ReplyDeleteIf you face any issue relate Water damage repair then contact to us resolve this.
Hi,
ReplyDeleteIf you face any issue relate Electrician Redlands then contact to us resolve this.
In that case, you’ll need to cut out these water-damaged sections as soon as possible. When assessing how to repair ceiling Drywall Water Damage when it’s wet and sagging
ReplyDeleteThis is my first time to see exactly what I wanted on one site. Amazing.
ReplyDeleteRead Kundli in Hindi from our site.
Astroyogi, The most trusted astrology app, offers live astrology consultation over a phone call or chat. On this app, you can connect with 2000+ India’s best astrologers. you can get all kinds of services like horoscope matching, Kundli matching, astrological remedies, and expert guidance from top professional astrologers.
ReplyDeleteThis post is very good I am very happy to see this post. Thanks for sharing such a great article. Keep up the work... your site is great, and it's helping us a lot.
ReplyDeleteIt really Great Article, Please Upload Daily Posts.
These Are My Aps Please Check Out.
Video Player App ๐
" Ad-Free Video Player"
Good Morning Images
ReplyDeleteMetaMask is a best Crypto Wallet and your Gateway to Web3 Buy, store and send tokens globally Explore blockchain applications at lightening speed choose what to share and what to keep private.
metamask login | metamask wallet | metamask wallet | etoro login | etoro login |
Hi....
ReplyDeleteAssuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password".
You are also read more Get Personal Loan
Aren't you curious about whether you're meant to meet your true love or soulmate? What about that new special someone you just met? Do you want to know if there’s a future ahead for the two of you together? Then clear all your doubts by downloading the astroyogi app and and expert guidance from top professional online astrologer.
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteThat is a very good tip especially to those fresh to the blogosphere. Short but very accurate info… Thanks for sharing this one. for More Details Click Here:- Change AOL Email Password
ReplyDeleteThis comment has been removed by the author.
ReplyDeleteHi.....
ReplyDeleteAssuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password".
You are also read more cryptocurrency prices
I also want to share a remarkable experience with you and my friend's children through a web blog.She knew the job, and it also includes what it is like for men and women to have a wonderful personality that is sufficiently subtle to understand the subject matter.The results exceeded readers' expectations.
ReplyDelete๋ฐ์นด๋ผ์ฌ์ดํธ
ํ ํ
ํ ํ ์ฌ์ดํธ
์คํฌ์ธ ํ ํ
์์ ๋์ดํฐ
์นด์ง๋ ธ์ฌ์ดํธ
Hey, Guys! I'mMinakshi Singh I hope you know just how incredibly unique you are in every single way. The way that you walk, the way that you smile, the way that you laugh... They all add up to one very amazing person. And guess what? That person is You! So, keep up the good work! The Universe Girl's Reminder to all the girls with beautiful heart : Kindly visit my site for more details www.minakshisingh.in
ReplyDeleteThanks for sharing such helpful content on your site Relationship Counseling
ReplyDeleteCloud foundation is virtual registering framework that clients can access through an organization. A cloud framework engineer plans and constructs the frameworks and organization expected for such a cloud framework. Their jobs might incorporate creating cloud networks that store information that can be gotten to on the web and dealing with frameworks associating clients to mists. An information framework engineer is likewise engaged with settling on conclusions about how to really get information>> cloud infra engineer
ReplyDelete