mimikatz – Clear Text Passwords

WDigest is a DLL first added in Windows XP that is used to authenticate users against HTTP Digest authentication and Simple Authentication Security Layer (SASL) exchanges. Both of these require the user’s plain-text password in order to derive the authentication key, which is why the password is stored in plain text. Mimikatz is a slick tool that pulls plain-text passwords out of WDigest (explained above), interfaced through LSASS.
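From the defender's side, whether WDigest keeps the plain-text password in LSASS is controlled by a registry setting. The following audit is an added example, not part of the original post: the key path and the UseLogonCredential value are the standard Windows WDigest setting (not named on this page), the function names are hypothetical, and it assumes the documented default that Windows 8.1 / Server 2012 R2 (version 6.3) and later leave caching off when the value is absent.

```powershell
# Added example (not from the original post): report whether WDigest
# plain-text credential caching is enabled on the local machine.
$WDigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'

function Resolve-WDigestState {
    # Pure decision logic, kept separate so it can be checked with sample values.
    param(
        [AllowNull()][object]$UseLogonCredential,      # $null when the value is absent
        [Parameter(Mandatory)][version]$OsVersion
    )
    if ($null -eq $UseLogonCredential) {
        # Value absent: the operating system default applies.
        if ($OsVersion -ge [version]'6.3') {
            return 'Disabled (OS default)'
        }
        return 'Enabled (OS default): install KB2871997 and set UseLogonCredential to 0'
    }
    if ([int]$UseLogonCredential -eq 0) {
        return 'Disabled (explicit)'
    }
    # Any non-zero value turns caching on, whatever the OS version.
    return 'Enabled (explicit): review when and by whom this value was set'
}

function Get-WDigestCachingState {
    # Read the live value; a missing key or value leaves $value as $null.
    $value = $null
    $props = Get-ItemProperty -Path $WDigestKey -Name UseLogonCredential `
                              -ErrorAction SilentlyContinue
    if ($null -ne $props) { $value = $props.UseLogonCredential }

    $os = [System.Environment]::OSVersion.Version
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OsVersion          = $os
        UseLogonCredential = $value
        State              = Resolve-WDigestState -UseLogonCredential $value -OsVersion $os
    }
}

Get-WDigestCachingState
```

A change to the setting only affects logons that happen after it, so credentials already cached in LSASS stay there until those sessions end.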

I’ve seen many blog posts about this tool and will refer you to them for more technical details about the way it works. Here you will just find a little code to download the source and the binaries. Also, note that in order to run this remotely you might want to bypass UAC on the remote machine using post/windows/escalate/bypassuac and only then upload the files.

You can get the script using the line below; then just chmod it and it will get the tool and its source.

wget http://hackingdefined.org/tools/getMK.sh

Source for the getMK.sh
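#!/bin/bash
# getMK.sh: fetch the mimikatz binaries and source into ~/Desktop/mimikatz.
# bash is required for the colour escapes used with echo -e.
# Note: both archives come over plain HTTP with no checksum, so verify
# them before running anything they contain.
echo -e "\e[00;34m[|]\e[00m  Building directories."
# -p creates parent directories and tolerates a re-run of the script
mkdir -p ~/Desktop/mimikatz/Binaries ~/Desktop/mimikatz/source
# Stop if the directory is missing instead of unpacking somewhere else
cd ~/Desktop/mimikatz/Binaries || exit 1
echo -e "\e[00;34m[|]\e[00m  Getting binaries."
wget --quiet http://hackingdefined.org/tools/mimbin.zip 2> /dev/null
unzip mimbin.zip 2> /dev/null
echo -e "\e[00;32m[+]\e[00m  Got binaries."
cd ../source || exit 1
echo -e "\e[00;34m[|]\e[00m  Getting source code."
wget --quiet http://hackingdefined.org/tools/mimsrc.zip 2> /dev/null
unzip mimsrc.zip 2> /dev/null
echo -e "\e[00;32m[+]\e[00m  Got source code."
echo -e "\e[00;32m[+]\e[00m  All done and ready at  $HOME/Desktop/mimikatz"
echo -e ""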
You can read more about this at:

About The Author

Yuval Nativ

Yuval (tisf) Nativ is the manager of the Cyber Assault Division of See-Security Technologies. As part of his job he is the manager of the Hacking Defined Experts program, a penetration tester, security researcher and developer. If you would like to find him in our offices, just ask where Moriarty is…
