Windows Password Extraction Tool Mimikatz 2.0 Released

Just borrow a computer, and you can easily grab the passwords… “Hey goddess, mind if I use your computer for a sec?”

This is probably common knowledge among the pros, a staple tool for penetration testing. A lightweight debugger written by a badass French developer, it helps security testers extract Windows passwords.

mimikatz has recently released its 2.0 version, making the password dumping commands even simpler. I guess the author saw that the most popular use of this powerful tool is direct password extraction, and thought, why not release a one-click version, lol. New features also include the ability to bypass the login authentication for Remote Desktop (RDP) on Win8 or Win2012 servers that support RestrictedAdmin mode, using captured Kerberos login credentials. It is recommended to disable RestrictedAdmin mode login by default. More features are waiting to be discovered.

The Tool’s Bloghttp://blog.gentilkiwi.com/mimikatz     

Direct Download Linkhttps://github.com/gentilkiwi/mimikatz/releases/tag/2.0.0-alpha-20140614

This is a screenshot of my computer’s password; the covered part is my actual password. My computer is a Win7 64-bit system, so I used the x64 tool.

Version 2.0 only requires two commands, making it even simpler than previous versions.

First: privilege::debug               //Elevate privileges
Second: sekurlsa::logonpasswords               //Dump passwords

 

Unless otherwise stated, please credit the source as: FreebuF.COM

Leave a Comment

Your email address will not be published.