Mimikatz

Mimikatz is a Windows post-exploitation framework designed for extracting plaintext passwords, hashes, PIN codes, and security tokens from system memory and the registry. It functions as a credential extraction tool that targets the Local Security Authority Subsystem Service to retrieve cached credentials and sensitive account data.

The project provides specialized capabilities for Active Directory penetration testing, including the simulation of domain controllers to replicate directory secrets. It features a Kerberos ticket manipulator capable of exporting, injecting, and forging authentication tickets to bypass identity verification.

The framework covers a broad range of security analysis activities, including privilege escalation, network lateral movement, and the export of private keys and certificates from system stores. It also includes utilities for kernel-mode driver injection to bypass operating system protections and the encryption of remote command traffic.

Features

Credential Extraction Toolkits - Provides a framework for auditing Windows security by accessing sensitive data stored in the Local Security Authority.

Active Directory Security - Tests domain security by forging Kerberos tickets and replicating directory secrets to escalate privileges.

Credential Dumping - Retrieves secrets, cached credentials, and database information from the registry and system memory.

Authentication Process Interaction - Communicates with system authentication processes to request decrypted passwords or cached credential blobs.

Credential Memory Dumping - Reads process memory directly to extract sensitive credentials stored by the local security authority.

Credential Extraction Utilities - Retrieves plaintext passwords, hashes, PIN codes, and authentication tickets directly from system memory.

Golden Ticket Attacks - Exports, injects and forges Kerberos tickets to bypass authentication and perform Golden Ticket attacks.

Ticket Forgery and Injection - Parses and modifies authentication tickets in memory to forge identity claims or inject stolen session keys.

Kerberos Ticket Extractors - Extracts active Kerberos authentication tickets from system memory for offline analysis or injection.

Kerberos Ticket Forgers - Generates forged Kerberos authentication tickets to obtain persistent administrative access to a network.

Memory-Based Plaintext Recovery - Retrieves plaintext passwords and hashes from memory by interacting with the local security authority.

Post-Exploitation Frameworks - Provides a set of tools for escalating privileges, performing lateral movement and exporting cryptographic keys.

Privilege Escalation Analysis - Gains unauthorized administrative access by extracting security tokens and manipulating the local security authority.

Lateral Movement Techniques - Moves between compromised systems using stolen credentials and forged authentication tickets to impersonate users.

Directory Replication Tools - Mimics domain controller replication protocols to retrieve sensitive Active Directory account data.

Kernel Driver Injection - Loads custom kernel-mode drivers to bypass operating system protections and access privileged system memory.

Cryptographic Key Extractors - Extracts certificates and non-exportable private keys from system and user certificate stores.

Protected Hive Access - Provides capabilities to read protected system registry hives to extract stored hashes and security descriptors.

ParrotSecmimikatz

Features

Star history