
Using Mimikatz Alpha or Getting Clear Text Passwords with a Microsoft Tool

payloads, meterpreter binaries, and you have clear text credentials for an admin, you can just use Mimikatz's alpha release, which allows you to run Mimikatz on your own machine against a process memory dump of LSASS. The great thing about this technique is that the only thing on disk is a Microsoft tool.

Let's start. First we make sure our authentication works against the box and that we can look inside C$ (usually only admins can).

If that works, then we want to check that we can call the "AT" command on the remote host:

All set. Next, let's prep our workspace on the remote host. We are using the C:\Temp directory.

The contents of procdump.bat are:

I'm using the computer name in the memory dump's file name to help me keep track of where the dump came from, and also to help me notice when I've dumped more than one IP that is actually the same host.

Next we schedule the task. Use net time to determine the local time on the remote machine, since AT schedules the job in the remote host's local time.

Pull down the file and clean up:

Load up the alpha version of Mimikatz, switch it to minidump mode, and you're dumping creds:

That's it. Password dumping without ever using a "hacker" tool on the target. Much love, Microsoft. And even more to Mimikatz's creator.
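From the defender's side, the following Python is an added example written for this page (it is not part of the original post, nor code from Mimikatz or procdump). It scans constructed process-creation records with Sysmon-style fields and flags the two steps of the procedure above: a scheduled batch file staged in C:\Temp, and any process, whatever its file name, that asks for a memory dump of lsass. The field names, the list of scheduler parent processes, and all sample values are assumptions.

```python
"""Flag LSASS memory-dump activity in process-creation records.

Example code for this page, not from the original post. Record layout is
modelled on Sysmon Event ID 1 (Image, CommandLine, ParentImage, User); the
values below are constructed for the example.
"""
import re
from typing import Iterable

# Constructed sample records, including a renamed copy of procdump (pd.exe):
# matching on the binary's name alone would miss that one.
SAMPLE_EVENTS = [
    {"Image": r"C:\Temp\procdump.exe",
     "CommandLine": r"procdump.exe -accepteula -ma lsass.exe C:\Temp\WS01.dmp",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "User": "DOMAIN\\admin"},
    {"Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd /c C:\Temp\procdump.bat",
     "ParentImage": r"C:\Windows\System32\svchost.exe", "User": "NT AUTHORITY\\SYSTEM"},
    {"Image": r"C:\Temp\pd.exe",
     "CommandLine": r"pd.exe -ma lsass c:\temp\dump.dmp",
     "ParentImage": r"C:\Windows\System32\cmd.exe", "User": "DOMAIN\\admin"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\bob\notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe", "User": "DOMAIN\\bob"},
]

# Tokens that indicate a dump request (procdump's -ma/-mp switches, a .dmp
# output file, or a minidump keyword); checked against the lowercased line.
DUMP_TOKENS = (" -ma", " -mp", ".dmp", "minidump")
# A batch file staged in C:\Temp, as in the procedure described above.
TEMP_BAT = re.compile(r"c:\\temp\\[^ ]+\.bat")
# Assumed parents for jobs launched by the Windows task scheduler.
SCHED_PARENTS = {"svchost.exe", "taskeng.exe", "at.exe", "mstask.exe"}


def classify(event: dict) -> list[str]:
    """Return the detection names that fire on a single record."""
    cmd = event.get("CommandLine", "").lower()
    parent = event.get("ParentImage", "").rsplit("\\", 1)[-1].lower()
    hits = []
    # Key on what the tool is told to do, not on what the file is called.
    if "lsass" in cmd and any(tok in cmd for tok in DUMP_TOKENS):
        hits.append("lsass_memory_dump")
    # The staging step: a batch file in C:\Temp run by the scheduler service.
    if TEMP_BAT.search(cmd) and parent in SCHED_PARENTS:
        hits.append("scheduled_batch_in_temp")
    return hits


def scan(events: Iterable[dict]) -> list[tuple[str, list[str]]]:
    """Return (Image, detections) for every record that triggers a rule."""
    return [(ev["Image"], classify(ev)) for ev in events if classify(ev)]
```

Running scan(SAMPLE_EVENTS) reports the procdump launch, the scheduled batch file, and the renamed binary, while the notepad record stays quiet.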

You can even create a minidump via a PowerShell script =)

https://github.com/mattifestation/PowerSploit/blob/master/Exfiltration/Out-Minidump.ps1

Funny that the example given is the <code>LSASS</code> process ;)