Is it possible to use mimikatz to dump plaintext passwords of users in the network by injecting mimilsa into lsass on the Active Directory server? Basically, other than dumping the SAM, which contains all hashes of everyone in the AD domain, can you do anything else with mimikatz?

GMX Rider

1 Answer

Are you aiming to dump all the plaintext passwords of all users in AD?

As far as I know, you can use the mimikatz sekurlsa module to dump passwords, keys, PIN codes, and tickets from the memory of lsass on selected workstations, not from lsass on the AD server.

Refer to this https://github.com/gentilkiwi/mimikatz/wiki/module-~-sekurlsa#logonpasswords

If you want to dump all the user password hashes in the domain, another thing you can do in mimikatz is DCSync, with which you can pull the password hash as well as previous password hashes; it retrieves the password hashes from the NTDS.DIT. DCSync requires a privileged account with domain replication rights.

Refer to this link: https://adsecurity.org/?p=1729

Al Francis
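Because DCSync depends on domain replication rights, as the answer above notes, defenders can watch for those rights being exercised by accounts that are not domain controllers. The following is an added example, not part of the original answer: it scans directory-service access events (Event ID 4662) for the replication extended-right GUIDs. The allowlist, field layout and sample events are constructed assumptions.

```python
import re

# Extended-right GUIDs recorded in Event ID 4662 when directory replication is requested.
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "DS-Replication-Get-Changes-All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "DS-Replication-Get-Changes-In-Filtered-Set",
}
GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")

# Assumption: accounts expected to replicate (DC machine accounts, a sync service account).
EXPECTED_REPLICATORS = {"dc01$", "dc02$", "svc-dirsync"}


def find_unexpected_replication(events, expected=EXPECTED_REPLICATORS):
    """Return a finding for each 4662 event where a non-allowlisted
    account exercised a directory replication right."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        # 0x100 is the Control Access bit, set when an extended right is used.
        if not int(ev.get("AccessMask", "0x0"), 16) & 0x100:
            continue
        guids = {g.lower() for g in GUID_RE.findall(ev.get("Properties", ""))}
        rights = sorted(REPLICATION_RIGHTS[g] for g in guids if g in REPLICATION_RIGHTS)
        user = ev.get("SubjectUserName", "")
        if rights and user.lower() not in expected:
            findings.append({"time": ev.get("TimeCreated"), "user": user, "rights": rights})
    return findings


# Constructed sample events (not real logs), reduced to the fields the check reads.
SAMPLE_EVENTS = [
    {"EventID": 4662, "TimeCreated": "2024-01-10T02:00:01Z", "SubjectUserName": "DC01$",
     "AccessMask": "0x100", "Properties": "%%7688 {1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "TimeCreated": "2024-01-10T02:13:44Z", "SubjectUserName": "jsmith",
     "AccessMask": "0x100", "Properties": "%%7688 {1131F6AD-9C07-11D1-F79F-00C04FC2DCD2} "
                                          "{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}"},
    {"EventID": 4662, "TimeCreated": "2024-01-10T02:14:02Z", "SubjectUserName": "jsmith",
     "AccessMask": "0x10", "Properties": "%%7684 {bf967aba-0de6-11d0-a285-00aa003049e2}"},
    {"EventID": 4624, "TimeCreated": "2024-01-10T02:15:00Z", "SubjectUserName": "jsmith"},
]

if __name__ == "__main__":
    for finding in find_unexpected_replication(SAMPLE_EVENTS):
        print(finding)
```

Event 4662 is only logged when directory service access auditing is enabled on the domain controllers, and the allowlist has to reflect the accounts that legitimately replicate in your environment.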