What’s Mimikatz? And the way this password-stealing device works

Mimikatz definition

Mimikatz is a number one post-exploitation device that dumps passwords from reminiscence, in addition to hashes, PINs and Kerberos tickets. Different helpful assaults it allows are pass-the-hash, pass-the-ticket or constructing Golden Kerberos tickets. This makes post-exploitation lateral motion inside a community simple for attackers.

Mimikatz, described by the creator as simply “a bit of device to play with Home windows safety,” is an extremely efficient offensive safety device developed by Benjamin Delpy. It’s utilized by penetration testers and malware authors alike. The damaging 2017 NotPetya malware rolled leaked NSA exploits like EternalBlue along with Mimikatz to attain most harm.

Initially conceived as a analysis undertaking by Delpy to higher perceive Home windows safety, Mimikatz additionally features a module that dumps Minesweeper from reminiscence and tells you the place all of the mines are situated.

Mimikatz just isn’t tough to make use of, and Mimikatz v1 comes bundled as a meterpreter script as a part of Metasploit. The brand new Mimikatz v2 improve has not but been built-in into Metasploit as of this writing.

The identify “mimikatz” comes from the French slang “mimi” meaning cute, thus “cute cats.” (Delpy is French and he blogs on Mimikatz in his native language.)

How does Mimikatz work?

Mimikatz exploits Home windows single sign-on (SSO) performance to reap credentials. Till Home windows 10, Home windows by default used a characteristic referred to as WDigest that hundreds encrypted passwords into reminiscence, but additionally hundreds the key key to decrypt them. WDigest has been a helpful characteristic for authenticating giant numbers of customers on an enterprise or authorities community, but additionally lets Mimikatz exploit this characteristic by dumping reminiscence and extracting the passwords.

Source link

Show More

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


Adblock Detected

Please consider supporting us by disabling your ad blocker