Mimikatz

"A little tool to play with Windows security."

Mimikatz is a Windows post-exploitation tool written by Benjamin Delpy (@gentilkiwi). It allows for the extraction of plaintext credentials from memory, password hashes from local SAM/NTDS.dit databases, advanced Kerberos functionality, and more.

The Mimikatz codebase is located at https://github.com/gentilkiwi/mimikatz/, and there is also an expanded wiki at https://github.com/gentilkiwi/mimikatz/wiki . Empire uses an adapted version of PowerSploit’s Invoke-Mimikatz function written by Jospeh Bialek to execute Mimikatz functionality in straight PowerShell without touching disk.

Credentials | Kerberos