privilege
Manipulate privileges for the mimikatz process. Nearly always run first before any other module.
debug
Request SeDebugPrivilege for the mimikatz process. Required to open handles to other processes (e.g. LSASS) with full access.
mimikatz # privilege::debug
Privilege '20' OK
Error
ERROR kuhl_m_privilege_simple ; RtlAdjustPrivilege (20) c0000061
Means the current user does not hold SeDebugPrivilege β administrator rights required.
driver
Request SeLoadDriverPrivilege.
mimikatz # privilege::driver
security
Request SeSecurityPrivilege (access security audit logs, manage audit/security log).
mimikatz # privilege::security
tcb
Request SeTcbPrivilege (act as part of the operating system).
mimikatz # privilege::tcb
backup
Request SeBackupPrivilege (bypass file read ACLs for backup). Useful for reading SYSTEM/SAM/SECURITY hives.
mimikatz # privilege::backup
restore
Request SeRestorePrivilege (bypass file write ACLs for restore).
mimikatz # privilege::restore
id β Request by Privilege ID
Request a specific privilege by LUID value.
mimikatz # privilege::id <privilege-id>
Notes
- Most mimikatz attack modules require
privilege::debugas a prerequisite - Running as a local administrator usually has SeDebugPrivilege available but not enabled β
privilege::debugenables it - If running from a non-admin context,
privilege::debugwill fail β escalate first