Example Usage
# Extract LSASS credentials from a VMware snapshot ./vmkatz snapshot.vmsn # With pagefile resolution for paged-out creds ./vmkatz --disk disk.vmdk snapshot.vmsn # Extract SAM/LSA/DCC2 from a virtual disk ./vmkatz disk.vmdk # Extract AD hashes from a domain controller disk ./vmkatz --ntds dc-disk.qcow2 # Point at a VM folder and let it find everything ./vmkatz /path/to/vm-directory/ # Extract from raw registry hives ./vmkatz SAM SYSTEM SECURITY # Output as hashcat-ready hashes ./vmkatz --format hashcat snapshot.vmsn # Export Kerberos tickets ./vmkatz --kirbi snapshot.vmsn # .kirbi files ./vmkatz --ccache snapshot.vmsn # .ccache file # Export BitLocker FVEK for dislocker ./vmkatz --bitlocker-fvek /tmp/keys snapshot.vmsn # Recursively scan all VMs under a path ./vmkatz -r /vmfs/volumes/datastore1/ # Parse LSASS minidump ./vmkatz lsass.dmp
See also
Impacket-secretsdump
Open Source
Kali
Dumps secrets remotely using a variety of techniques including DCSync (without running code on DC), …
Netexec (nxc)
Open Source
Kali
The maintained fork and successor to CrackMapExec. Network service exploitation Swiss army knife for…
WADComs.github.io
Open Source
WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and the…
GTFOBins
Open Source
Curated list of Unix binaries that can be used to bypass local security restrictions. Shows how to a…
AndroidHack_BackDoor
Free
Kali
Android-BackDoor is a python and shell script that simplifies the process of adding a backdoor to an…
PassTester
Open Source
Identify the accounts most vulnerable to dictionary attacks…