Introduction
In this post, You will learn what is mimikatz and also you will learn how to crack windows passwords and below is the video format of the post, please check it out.
Video
What is mimikatz ❓
Mimikatz uses admin rights on Windows to display passwords of currently logged in users in plaintext.
Maybe the mimikatz will not display the password in plain text but it will display the NTLM and sha1 hash types.
The mimikatz is actually not a password cracking tool according to me because the tool can be only be used after exploitation which means the tool is used for privilege escalation.
Advertisement
Is mimikatz malware
Yes, If you are working mimikatz from windows then windows will consider the tool as malware. The tool mimikatz is also available in kali OS but kali consider the tool as a password hashing tool.
Why Mimikatz in kali
Suppose if you are accessing the target system from a meterpreter shell then you can open the kali inbuilt mimikatz from the shell itself. You can crack the target windows password from kali itself and that’s is why kali is having mimkatz.
Advertisement
How to Install mimikatz
Installing mimikatz in kali is very easy just do a git clone of this repository
gentilkiwi/mimikatz: A little tool to play with Windows security (github.com)
To download mimkatz on windows you should disable the virus and threat protection. To disable it just open your search bar in your computer and enter viruses and threats.
Under virus threat and protection settings click manage settings and disable everything on that list.
Once you have disabled all these go to the below link and download mimikatz trunk. Download the zip file for windows.
Release 2.2.0 20210810-2 Windows 365 Web passwords junk-fix · gentilkiwi/mimikatz (github.com)
Once downloaded extract the file.
If you have successfully extracted then open the file and choose X64 file or x32 file types.
If your system is 32 then click the 32-bit file if your system is 64 bit then choose the 64-bit file and now finally let’s run mimkatz.
Now click on Mimi Katz and run as administrator.
How to find password using mimikatz
It is really very simple to find windows passwords using mimkatz tool Just follow the below step.
Firstly, Let’s ensure the mimikatz works properly
Just enter privilege::debug and if you can see ok then the tool has no errors
To find a windows password just enter sekurlsa::logonpasswords
Just copy the hash and crack it in john the ripper and here is the tutorial on how to crack the password using john the ripper [Click here]
Conclusion
Mimikatz is a great tool to extract the windows password and still the mimkatz works very properly and I hope this blog post will be helpful for you comment down below if you have any doubts or watch the video I made on mimkatz.
Advertisement
Also Read: Password cracking using thc-hydra
