skeleton
misc::skeleton injects a "Skeleton Key" into the LSASS process on the domain controller. A "master password" can then be used to authenticate as any domain user, while domain users can authenticate with their own password. The default skeleton key password is mimikatz.
The command has the following argument:
/letaes
This command requires elevated privileges (by previously running privilege::debug or by executing Mimikatz as the NT-AUTHORITY\SYSTEM account).
If the LSA protection is enabled, then the following commands can be used to remove it.
More information on the Skeleton Key attack on The Hacker Recipes.
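For defenders: because the command injects into LSASS, the process running it has to open lsass.exe with memory-write access rights, which Sysmon records in Event ID 10 (ProcessAccess). The following is an added example, not part of the original page or of Mimikatz; the sample events, the function names and the allowlist parameter are constructed for illustration.

```python
import ntpath

# Documented Windows process access rights (winnt.h).
MODIFY_RIGHTS = {
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0020: "PROCESS_VM_WRITE",
}

# Constructed sample records; field names follow Sysmon Event ID 10 (ProcessAccess).
SAMPLE_EVENTS = [
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1000"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\system32\LSASS.EXE", "GrantedAccess": "0x1438"},
    {"EventID": 10, "SourceImage": r"C:\Users\Public\tool.exe",
     "TargetImage": r"C:\Windows\System32\notepad.exe", "GrantedAccess": "0x1fffff"},
    {"EventID": 10, "SourceImage": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "TargetImage": r"C:\Windows\System32\lsass.exe", "GrantedAccess": "0x1410"},
]


def modify_rights(granted_access):
    """Names of the memory-modifying rights set in a hex GrantedAccess mask."""
    mask = int(granted_access, 16)
    return [name for bit, name in MODIFY_RIGHTS.items() if mask & bit]


def lsass_write_opens(events, allowlist=frozenset()):
    """Return (source, mask, rights) for opens of lsass.exe that allow writes.

    allowlist is a hypothetical set of lower-cased source image paths that are
    known to need this access in your environment.
    """
    hits = []
    for ev in events:
        if ev.get("EventID") != 10:
            continue
        if ntpath.basename(ev.get("TargetImage", "")).lower() != "lsass.exe":
            continue
        source = ev.get("SourceImage", "")
        if source.lower() in allowlist:
            continue
        rights = modify_rights(ev.get("GrantedAccess", "0x0"))
        # Read-only opens (e.g. 0x1410) are a different signal; require VM_WRITE.
        if "PROCESS_VM_WRITE" in rights:
            hits.append((source, ev["GrantedAccess"], rights))
    return hits
```

On a domain controller, write-capable opens of lsass.exe from anything outside a small, known set of system and security-product processes are worth an alert.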