Commands

Popular Commands

List/Export Certificates

CRYPTO::Certificates

Create Golden/Silver/Trust Tickets

KERBEROS::Golden

List All User Tickets (TGT and TGS) in User Memory

No special privileges required since it only displays the current user's tickets. Similar to functionality of "klist"

KERBEROS::List

Pass The Ticket

Typically used to inject a stolen or forged Kerberos ticket (golden/silver/trust)

KERBEROS::PTT

Ask a DC to Synchronize an Object (Get Password Data for Account)

No need to run code on the DC

LSADUMP::DCSync

Ask LSA Server to Retrieve SAM/AD Enterprise

Use to dump all Active Directory domain credentials from a Domain Controller or lsass.dmp dump file. Also used to get specific account credentials such as krbtgt with the parameter /name:krbtgt

LSADUMP::LSA

Get the SysKey to Decrypt SAM Entries From Registry or Hive

The SAM option connects to the local Security Account Manager (SAM) database and dumps credentials for local accounts. This is used to dump all local credentials on a Windows computer

LSADUMP::SAM

Ask LSA Server to Retrieve Trust Auth Information

Dumps trust keys (passwords) for all associated trusts (domain/forest)

LSADUMP::Trust

Add to SIDHistory to User Account

The first value is the target account and the second value is the account/group names or SID. Moved to SID:Modify as of May 6th 2016.

MISC::AddSid

Inject Skeleton Key into LSASS Process on Domain Controller

This enables all user authentication to the Skeleton Key patched DC to use a "master password" (aka Skeleton Keys) as well as their usual password

MISC::Skeleton

Get Debug Rights

This or Local System rights is required for many Mimikatz commands

PRIVILEGE::Debug

List Kerberos Encryption Keys

SEKURLSA::Ekeys

List Kerberos Credential for All Authenticated Users

SEKURLSA::Kerberos

Get Domain Kerberos Service Account (KRBTGT) Password Data

SEKURLSA::Krbtgt

List All Available Provider Credentials

This usually shows recently logged on user and computer credentials

SEKURLSA::LogonPasswords

Pass the Hash and OverPass the Hash

SEKURLSA::Pth

List All Available Kerberos Tickets for Recently Authenticated Users

Lists all available Kerberos tickets for all recently authenticated users, including services running under the context of a user account and the local computer's AD computer account. Unlike kerberos::list, sekurlsa uses memory reading and is not subject to key export restrictions. Serkurlsa can access tickets of other sessions (users).

SEKURLSA::Tickets

List all Tokens of the System

TOKEN::List

Impersonate a Token

Used to elevate permissions to SYSTEM(default) or find a domain admin token on the box.

TOKEN::Elevate

Impersonate a token with Domain Admin credentials

TOKEN::Elevate /domainadmin

MimikatzActive Directory & Azure AD/Entra ID Security

PreviousMimikatz NextCommand Line and Interactive Use

Last updated 9 months ago