Grabbing Passwords from Memory using Procdump and Mimikatz

When I was working on my Pulling Remote Word Documents from RAM using Kali Linux article, I was curious if you could use the same technique to pull the system passwords, and you can…

With the help of Mimikatz!

I tried grabbing the lsass.exe process with procdump, just like I did in the previous article, but when I ran strings I didn’t see any passwords. Well, silly me, you wouldn’t! But as the Zena Forensics blog explains, just take the lsass.exe procdump and run Mimikatz on it!

(Sorry Gentilkiwi, you would think I would know better! 🙂 )

Okay, so once we have the procdump of the lsass.exe process saved as lsassdump.dmp like so:

[Image: lsass procdump]

All we need to do is run the resultant .dmp file through Mimikatz:

  • Run Mimikatz
  • Type, “sekurlsa::Minidump lsassdump.dmp”
  • Lastly type, “sekurlsa::logonPasswords”

And that is it! Mimikatz works its magic on the dmp file and within a second or so we see this:

[Image: passwords]

Passwords! Wow, this is a really secure Windows 7 system I see…

So if we can get a memory dump of the lsass.exe process (you need an administrator-level account to do so) we can take our time and pop the passwords out of it at any time (and anywhere) with Mimikatz.
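The procedure above leaves a footprint a defender can look for: the offline Mimikatz run is invisible to the victim host, but the procdump step is not, because a process has to open lsass.exe with memory-read access. The following Python, an added example that is not part of the original post, scans constructed Sysmon-style ProcessAccess (Event ID 10) and ProcessCreate (Event ID 1) records for exactly that. The field names (SourceImage, TargetImage, GrantedAccess, Image, CommandLine) follow Sysmon's schema; the pipe-separated text layout, the sample lines and the allowlist of images that normally touch lsass are assumptions made for this example.

```python
"""
Added example (not from the original post): flag process-access events that
look like an lsass.exe memory dump, i.e. the procdump step described above.
Assumes Sysmon Event ID 10 / Event ID 1 records exported as 'Key=Value|Key=Value'
text; the sample lines below are constructed, not captured from a real host.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Windows process access rights relevant to reading another process's memory.
PROCESS_VM_READ = 0x0010
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

# Images that legitimately open lsass on a typical host (assumed allowlist;
# tune it to your environment).
ALLOWLIST = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\csrss.exe",
}

# Constructed sample records: one benign query, one procdump with full access,
# one unknown binary with the minimal read rights a dump needs, one unrelated
# access, and the matching process-creation event for procdump.
SAMPLE_EVENTS = [
    "EventID=10|SourceImage=C:\\Windows\\System32\\svchost.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1000",
    "EventID=10|SourceImage=C:\\Tools\\procdump.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1FFFFF",
    "EventID=10|SourceImage=C:\\Users\\bob\\AppData\\Local\\Temp\\x.exe|TargetImage=C:\\Windows\\System32\\lsass.exe|GrantedAccess=0x1010",
    "EventID=10|SourceImage=C:\\Windows\\System32\\taskmgr.exe|TargetImage=C:\\Windows\\System32\\notepad.exe|GrantedAccess=0x1FFFFF",
    "EventID=1|Image=C:\\Tools\\procdump.exe|CommandLine=procdump.exe lsass.exe lsassdump.dmp",
]


@dataclass
class Alert:
    rule: str
    source_image: str
    detail: str


def parse_event(line: str) -> Dict[str, str]:
    """Split a 'Key=Value|Key=Value' line into a dict (constructed layout)."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    return fields


def is_lsass(path: str) -> bool:
    """True when the path names lsass.exe, regardless of case."""
    return path.lower().endswith("\\lsass.exe")


def check_event(fields: Dict[str, str]) -> Optional[Alert]:
    """Return an Alert for an event that matches one of the two rules, else None."""
    eid = fields.get("EventID")
    if eid == "10" and is_lsass(fields.get("TargetImage", "")):
        source = fields.get("SourceImage", "")
        access = int(fields.get("GrantedAccess", "0"), 16)
        # A minidump must read lsass memory, so PROCESS_VM_READ is the bit that
        # matters; query-only rights (0x1000, 0x400) are routine and noisy.
        if access & PROCESS_VM_READ and source.lower() not in ALLOWLIST:
            return Alert("lsass-memory-read", source, f"GrantedAccess=0x{access:X}")
    if eid == "1":
        image = fields.get("Image", "")
        cmd = fields.get("CommandLine", "")
        # Second signal: the dumping tool itself being launched against lsass.
        if "procdump" in image.lower() and "lsass" in cmd.lower():
            return Alert("procdump-targeting-lsass", image, cmd)
    return None


def scan(lines: List[str]) -> List[Alert]:
    """Run every line through the rules and collect the alerts."""
    return [a for a in (check_event(parse_event(line)) for line in lines) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.rule}] {alert.source_image}: {alert.detail}")
```

The two rules deliberately key on different evidence: the ProcessAccess rule does not care which tool is used, only that something outside the allowlist read lsass memory, while the ProcessCreate rule catches the specific tool even if its access mask were somehow missed. Either way, the moment to observe is the dump on the host, since the later Mimikatz run against the .dmp file can happen anywhere.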


~ by D. Dieterle on March 16, 2015.

6 Responses to “Grabbing Passwords from Memory using Procdump and Mimikatz”

  1. […] When I was working on my Pulling Remote Word Documents from RAM using Kali Linux article, I was curious if you could use the same technique to pull the system passwords, and you can…With the help of Mimikatz!  […]

  2. […] mimikatz to recover cleartext passwords of logged-on Windows users. See Grabbing Passwords from Memory using Procdump and Mimikatz […]

  3. […] you know that you can grab plaintext passwords from a memory dump of lsass? Mimikatz for the […]

  4. Hi,

    I tried through twitter, but I was unable to send you a DM.
    I’d like to ask you if you could help me, I’m trying to learn pentesting, but there is a lot of stuff and I don’t know on what to focus.

    Could you help me, by saying some topics or knowledge to start, I already act as backend developer.

    Thanks in advance

  5. Hi,

    Thanks for sharing this informative source to us. It’s very useful to all pc users.

  6. Reblogged this on The Powers That Beat.
