mimikatz: add pages (#17405)

Co-authored-by: Managor <42655600+Managor@users.noreply.github.com>

pages/windows/mimikatz-crypto.md

@@ -0,0 +1,16 @@
+# mimikatz crypto
+
+> Manipulate Windows cryptographic services and certificates.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List cryptographic providers:
+
+`mimikatz "crypto::providers"`
+
+- List keys in a cryptographic provider:
+
+`mimikatz "crypto::capi"`
+
+- Export certificates and keys:
+
+`mimikatz "crypto::certificates /export"`

pages/windows/mimikatz-dpapi.md

@@ -0,0 +1,16 @@
+# mimikatz dpapi
+
+> Interact with the Windows Data Protection API (DPAPI).
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List master keys:
+
+`mimikatz "dpapi::masterkey /list"`
+
+- Decrypt a DPAPI blob:
+
+`mimikatz "dpapi::blob /in:blob_file.bin"`
+
+- Retrieve Chrome credentials using DPAPI:
+
+`mimikatz "dpapi::chrome /in:Login Data"`

pages/windows/mimikatz-event.md

@@ -0,0 +1,12 @@
+# mimikatz event
+
+> Manage Windows Event Log records.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Clear event logs:
+
+`mimikatz "event::clear"`
+
+- Display event log sources:
+
+`mimikatz "event::providers"`

pages/windows/mimikatz-kerberos.md

@@ -0,0 +1,16 @@
+# mimikatz kerberos
+
+> Interact with Kerberos tickets.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List current Kerberos tickets:
+
+`mimikatz "kerberos::list"`
+
+- Purge all Kerberos tickets:
+
+`mimikatz "kerberos::purge"`
+
+- Inject a ticket from a `.kirbi` file:
+
+`mimikatz "kerberos::ptt ticket.kirbi"`

pages/windows/mimikatz-lsadump.md

@@ -0,0 +1,17 @@
+# mimikatz lsadump
+
+> Dump secrets from the Windows Local Security Authority (LSA).
+> Requires SYSTEM privileges.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Dump SAM hashes:
+
+`mimikatz "lsadump::sam"`
+
+- Dump secrets from the SECURITY hive:
+
+`mimikatz "lsadump::secrets"`
+
+- Dump cached domain credentials:
+
+`mimikatz "lsadump::cache"`

pages/windows/mimikatz-misc.md

@@ -0,0 +1,16 @@
+# mimikatz misc
+
+> Miscellaneous system and utility commands.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Trigger Blue Screen of Death (for testing):
+
+`mimikatz "misc::bsod"`
+
+- List loaded kernel drivers:
+
+`mimikatz "misc::minidump"`
+
+- Change system time:
+
+`mimikatz "misc::systemtime"`

pages/windows/mimikatz-net.md

@@ -0,0 +1,16 @@
+# mimikatz net
+
+> Perform network and domain operations.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List domain users:
+
+`mimikatz "net::users"`
+
+- List domain computers:
+
+`mimikatz "net::computers"`
+
+- Retrieve domain controller information:
+
+`mimikatz "net::domaincontrollers"`

pages/windows/mimikatz-privilege.md

@@ -0,0 +1,12 @@
+# mimikatz privilege
+
+> Manage privileges for mimikatz operations.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Enable debug privilege (required for many modules):
+
+`mimikatz "privilege::debug"`
+
+- Check current privilege state:
+
+`mimikatz "privilege::whoami"`

pages/windows/mimikatz-process.md

@@ -0,0 +1,12 @@
+# mimikatz process
+
+> Manage process privileges and tokens.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List processes with their tokens:
+
+`mimikatz "process::list"`
+
+- Elevate mimikatz to a SYSTEM process:
+
+`mimikatz "process::token /user:NT AUTHORITY\SYSTEM"`

pages/windows/mimikatz-sekurlsa.md

@@ -0,0 +1,17 @@
+# mimikatz sekurlsa
+
+> Extract credentials and secrets from memory.
+> Requires debug privileges.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Extract plaintext passwords:
+
+`mimikatz "sekurlsa::logonpasswords"`
+
+- List Kerberos tickets in memory:
+
+`mimikatz "sekurlsa::tickets"`
+
+- Dump LSA secrets:
+
+`mimikatz "sekurlsa::secrets"`

pages/windows/mimikatz-service.md

@@ -0,0 +1,16 @@
+# mimikatz service
+
+> Manage Windows services through mimikatz.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Start a service:
+
+`mimikatz "service::start service_name"`
+
+- Stop a service:
+
+`mimikatz "service::stop service_name"`
+
+- Delete a service:
+
+`mimikatz "service::delete service_name"`

pages/windows/mimikatz-standard.md

@@ -0,0 +1,16 @@
+# mimikatz standard
+
+> Basic commands and mimikatz environment management.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Display system information:
+
+`mimikatz "standard::info"`
+
+- Clear the mimikatz command history:
+
+`mimikatz "standard::clearev"`
+
+- Show command history:
+
+`mimikatz "standard::history"`

pages/windows/mimikatz-token.md

@@ -0,0 +1,16 @@
+# mimikatz token
+
+> List and manipulate security tokens.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List tokens:
+
+`mimikatz "token::list"`
+
+- Elevate privileges by impersonating a token:
+
+`mimikatz "token::elevate"`
+
+- Revert to original token:
+
+`mimikatz "token::revert"`

pages/windows/mimikatz-vault.md

@@ -0,0 +1,12 @@
+# mimikatz vault
+
+> Extract credentials stored in the Windows Credential Vault.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List vault credentials:
+
+`mimikatz "vault::list"`
+
+- Dump all vault credentials:
+
+`mimikatz "vault::cred"`

pages/windows/mimikatz.md

@@ -0,0 +1,37 @@
+# mimikatz
+
+> Interact with Windows credentials, perform credential dumping, token manipulation, and more.
+> Requires administrator privileges and typically runs on Windows.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Run mimikatz in interactive mode:
+
+`mimikatz`
+
+- Enable debug privileges (needed for most operations):
+
+`mimikatz "privilege::debug"`
+
+- List available logon sessions:
+
+`mimikatz "sekurlsa::logonpasswords"`
+
+- Dump plaintext passwords, NTLM hashes, and Kerberos tickets from memory:
+
+`mimikatz "sekurlsa::logonpasswords"`
+
+- Pass-the-Hash with a specific NTLM hash and launch a command:
+
+`mimikatz "sekurlsa::pth /user:{{username}} /domain:{{domain}} /ntlm:{{hash}} /run:{{cmd}}"`
+
+- Dump local SAM database hashes:
+
+`mimikatz "lsadump::sam"`
+
+- Extract Kerberos tickets and export to a file:
+
+`mimikatz "kerberos::list /export"`
+
+- Exit mimikatz:
+
+`exit`