Benjamin DELPY edited this page Apr 26, 2014 · 37 revisions

mimikatz is a tool I've made to learn C and make some experiments with Windows security.

It's now well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory.
mimikatz can also perform pass-the-hash, pass-the-ticket, build Golden tickets, play with certificates or private keys, vault, ...
maybe make coffee?

Its symbol is a kiwi:

  .#####.   mimikatz 2.0 alpha (x64) release "Kiwi en C" (Apr 26 2014 00:25:11)
 .## ^ ##.
 ## / \ ##  /* * *
 ## \ / ##   Benjamin DELPY `gentilkiwi` ( [email protected] )
 '## v ##'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)
  '#####'                                    with  14 modules * * */

sometimes the animal, but mostly the fruit!

How can you get it?

Basics

Modules

About me

History

I started to code mimikatz for some reasons:

  • improve my knowledge, especially in C/C++ for Windows ;
  • explain security concepts ;
  • prove to Microsoft that sometimes they must change old habits.

mimikatz is now at version 2.0, but it was born in 2007 and was known by other names:

  • kdll ; a simple DLL injector
  • kdllpipe ; first version to accomplish Pass-The-Hash, with interaction on a named pipe
  • katz ;
  • mimikatz !

External resources

Some amazing alternative versions of mimikatz, w00tw00t! 😊

Some resources inspired by my work