Mimikatz
12 pages
privilege
privilege Manipulate privileges for the mimikatz process. Nearly always run first before any other module. debug Request…
token
token Manipulate Windows access tokens. Used to impersonate other users and elevate to SYSTEM. Prerequisites mimikatz # …
sekurlsa
sekurlsa Extract passwords, keys, PIN codes, and Kerberos tickets from LSASS memory. Requires privilege::debug first (or…
kerberos
kerberos Interact with Kerberos tickets using the official Microsoft Kerberos API. No elevated privileges required for m…
lsadump
lsadump Dump credential databases from Windows systems: SAM, LSA secrets, cached credentials, DCSync, and more. Prerequi…
crypto
crypto Interact with Windows CryptoAPI and CNG (Cryptography Next Generation). Patch providers to make non-exportable pr…
vault
vault Access and extract credentials from the Windows Vault (Credential Manager). Requires privilege::debug . Prerequisi…
dpapi
dpapi Data Protection API (DPAPI) operations. Decrypt blobs, extract master keys, recover credentials protected by user …
net
net Query Active Directory and local system user/group information. Similar to the built-in net command but leverages to…
process
process Enumerate and manage Windows processes. list — Enumerate Processes List all running processes with their PIDs. m…
misc
misc Miscellaneous mimikatz commands for launching processes, system manipulation, and specialized attacks. cmd — Spawn …
standard (main module)
standard (main module) Core mimikatz utility commands. These don't require a module prefix — exit works the same as stan…