During a penetration testing exercise, you have gained access to a Windows server and intend to use a post-exploitation tool to extract credential data from the system memory. Which command would you use with the tool to retrieve this sensitive information?
The correct answer is privilege::debug sekurlsa::logonpasswords because when using Mimikatz, one must first obtain the proper privileges to interact with the system processes. The privilege::debug command grants the necessary rights to access sensitive areas of the operating system, and the sekurlsa::logonpasswords command then extracts the plaintext passwords, hashes, and other details for accounts that are logged in or have logged in previously. The other options listed either represent incorrect or non-existent commands in the context of Mimikatz and thus would not achieve the desired outcome.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Mimikatz and how does it work?
Open an interactive chat with Bash
Why do I need to use 'privilege::debug' before 'sekurlsa::logonpasswords'?
Open an interactive chat with Bash
What types of information can 'sekurlsa::logonpasswords' extract?