LogonPasswords
Executes Mimikatz's sekurlsa::logonpasswords on the target system.
Output for each system is stored in $pwd\PME\LogonPasswords\
Supported Methods
MSSQL
SMB
SessionHunter (WMI)
WMI
WinRM
Optional Parameters
Usage
Parsing
If -NoParse
is not specified, , PsMapExec will parse the results from each system and present the results in a digestable and readable format. The notes field will highlight in yellow any interesting information about each result.
The table below shows the possible values for the notes field.
At the end of parsing all unique NTLM hashes will be shown in the console window. A Hashcat ready file will also be populated for collected NTLM hashes in:
$pwd\PME\LogonPasswords\.AllUniqueNTLM.txt
Last updated