Cracking and Dumping hashes with MimiKatz

Mimikatz is a very popular and powerful post-exploitation tool mainly used for dumping user credentials inside of a active directory network

For this post and lab Ill be focusing on dumping NTLM hashes and cracking them

This lab already has Mimikatz.exe installed on the Windows Server

Launching the .exe from the Downloads folder, we are then able to test the privilege on it to verify it is working.

Once we get the ok, lets dump the hashes!

Once we have our hashes we can then attempt to crack using Hashcat with the command below

hashcat -m 1000 <hash> rockyou.txt

That matches our Administrator password that we used to RDP into the machine

We are now going to search and attempt to crack the passwords for Machine1 and Machine2

Machine1 we get a hash of 64f12cddaa88057e06a81b54e73b949b. Cracking that with hashcat we get Password1

For Machine 2 we crack it to Password2