• Mimikatz, the legendary French tool


    0x00 Standard module

    Module : standard
    Full name : Standard module
    Description : Basic commands (does not require module name)

    exit - Quit mimikatz
    cls - Clear screen (doesn't work with redirections, like PsExec)
    answer - Answer to the Ultimate Question of Life, the Universe, and Everything
    coffee - Please, make me a coffee!
    sleep - Sleep an amount of milliseconds
    log - Log mimikatz input/output to file   // log 1.txt sets the log file to 1.txt; log /stop stops logging
    base64 - Switch file input/output base64
    version - Display some version informations
    cd - Change or display current directory
    localtime - Displays system local date and time (OJ command)
    hostname - Displays system local hostname


    0x01 Module list

    1. standard - Standard module [Basic commands (does not require module name)]


    2. crypto - Crypto Module

    Module : crypto
    Full name : Crypto Module

    providers - List cryptographic providers
    stores - List cryptographic stores
    certificates - List (or export) certificates
    keys - List (or export) keys containers
    sc - List smartcard readers
    hash - Hash a password with optional username
    system - Describe a Windows System Certificate (file, TODO:registry or hive)
    scauth - Create a authentication certitifate (smartcard like) from a CA
    certtohw - Try to export a software CA to a crypto (virtual)hardware
    capi - [experimental] Patch CryptoAPI layer for easy export
    cng - [experimental] Patch CNG service for easy export
    extract - [experimental] Extract keys from CAPI RSA/AES provider


    3. sekurlsa - SekurLSA module [Some commands to enumerate credentials...]


    4. kerberos - Kerberos package module []

    5. privilege - Privilege module

    Module : privilege
    Full name : Privilege module

    debug - Ask debug privilege
    driver - Ask load driver privilege
    security - Ask security privilege
    tcb - Ask tcb privilege
    backup - Ask backup privilege
    restore - Ask restore privilege
    sysenv - Ask system environment privilege
    id - Ask a privilege by its id
    name - Ask a privilege by its name

    6. process - Process module

    7. service - Service module
    8. lsadump - LsaDump module
    9. ts - Terminal Server module
    10. event - Event module
    11. misc - Miscellaneous module
    12. token - Token manipulation module
    13. vault - Windows Vault/Credential module
    14. minesweeper - MineSweeper module
    15. net -
    16. dpapi - DPAPI Module (by API or RAW access) [Data Protection application programming interface]
    17. busylight - BusyLight Module
    18. sysenv - System Environment Value module
    19. sid - Security Identifiers module
    20. iis - IIS XML Config module
    21. rpc - RPC control of mimikatz
    22. sr98 - RF module for SR98 device and T5577 target
    23. rdm - RF module for RDM(830 AL) device
    24. acr - ACR Module


    Ref

    1. Official help: https://github.com/gentilkiwi/mimikatz/wiki

    2. "Unofficial Guide to Mimikatz & Command Reference": https://adsecurity.org/?page_id=1821

  • Original article: https://www.cnblogs.com/2better2/p/9900359.html