Mimikatz Question

Home Forums Mimikatz Question

This topic contains 0 replies, has 1 voice, and was last updated by  BrianMiz 1 month ago.

  • Author
    Posts
  • #134893

    BrianMiz
    Member

    So I recently ran mimikatz as a proof of concept for my self on my fully updated Windows 10 Pro machine and just had a question on how LSASS stores passwords and how mimikatz displayed the passwords. Just to clarify I ran mimkatz using an LSASS dump.

    ​

    I understand the concept of how LSASS stores passwords in memory but why when mimikatz is run it displays the plaintext password under Kerberos [https://imgur.com/a/rfq6Qcr](https://imgur.com/a/rfq6Qcr)? From my understanding, I thought Kerberos was used in domain environments for authentication but I am not on a domain.

    ​

    I was able to trigger LSASS to store my password in plaintext by running task manager with the “RunAs” option (Microsoft explains what passwords get stored in memory and on disk here [https://bit.ly/2mc6uR3](https://bit.ly/2mc6uR3)) but why does it by default store it in plaintext and not a hash value?

You must be logged in to reply to this topic.