Dump Windows Passwords with Mimikatz

If you need to find the password for an account logged into the server (eg a service account), you can run a tool called mimikatz (written by Benjamin Delpy) to do this.  This tool allows you to read the clear text password stored by LSASS.

I did wonder my LSASS would store passwords in clear text, and after a bit of research it is used to support HTTP Digest Authentication and any other schemes that require the authenticating party to know the password, and not just the hash.

 

You can download mimikatz from the following website.  You will probably need to disable your antivirus, as mimikatz can be picked up as malicious software.

http://blog.gentilkiwi.com/mimikatz

 

You now need to run the following command:

privilege::debug
log sekurlsa.log
sekurlsa::logonpasswords

 

This will dump from memory the users and passwords to a logfile (sekurlsa.log)