Mimikatz 法國神器

0x00 標準模塊

Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)

exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file   // log 1.txt  設置日誌文件爲1.txt；log /stop 中止日誌記錄
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname

---

 

0x01 模塊列表

一、standard - Standard module [Basic commands (does not require module name)]

 

二、crypto - Crypto Module

Module : crypto
Full name : Crypto Module

providers - List cryptographic providers
stores - List cryptographic stores
certificates - List (or export) certificates
keys - List (or export) keys containers
sc - List smartcard readers
hash - Hash a password with optional username
system - Describe a Windows System Certificate (file, TODO:registry or hive)
scauth - Create a authentication certitifate (smartcard like) from a CA
certtohw - Try to export a software CA to a crypto (virtual)hardware
capi - [experimental] Patch CryptoAPI layer for easy export
cng - [experimental] Patch CNG service for easy export
extract - [experimental] Extract keys from CAPI RSA/AES provider

 

三、sekurlsa - SekurLSA module [Some commands to enumerate credentials...]

 

四、kerberos - Kerberos package module []
五、privilege - Privilege module


Module : privilege
Full name : Privilege module

debug - Ask debug privilege
driver - Ask load driver privilege
security - Ask security privilege
tcb - Ask tcb privilege
backup - Ask backup privilege
restore - Ask restore privilege
sysenv - Ask system environment privilege
id - Ask a privilege by its id
name - Ask a privilege by its name

六、process - Process module

七、service - Service module
八、lsadump - LsaDump module
九、ts - Terminal Server module
十、event - Event module
十一、misc - Miscellaneous module
十二、token - Token manipulation module
1三、vault - Windows Vault/Credential module
1四、minesweeper - MineSweeper module
1五、net -
1六、dpapi - DPAPI Module (by API or RAW access) [Data Protection application programming interface]
1七、busylight - BusyLight Module
1八、sysenv - System Environment Value module
1九、sid - Security Identifiers module
20、iis - IIS XML Config module
2一、rpc - RPC control of mimikatz
2二、sr98 - RF module for SR98 device and T5577 target
2三、rdm - RF module for RDM(830 AL) device
2四、acr - ACR Module

 

 

---

 

Ref

一、《官方幫助》 https://github.com/gentilkiwi/mimikatz/wiki 

二、《Unofficial Guide to Mimikatz & Command Reference》https://adsecurity.org/?page_id=1821