Mimikatz-Everything.ps1
This article shows how to run mimikatz-everything, a tool made by OvergrownCarrot1 (OGC). The tool can be found on GitHub here:
https://github.com/overgrowncarrot1/Invoke-Everything/blob/main/mimikatz-everything.ps1
The first thing that we need to do is start a web server on the attacker machine that has mimikatz-everything and also Invoke-Mimikatz.ps1, which can be found at the bottom of this article.
After this there are many different commands we can run. Using PowerShell's tab completion, we can tab our way through the script's options by running mimikatz-everything –(command here). The script then outputs the full command, ready to copy and paste.
Let's look at how some of the commands work. For many of them you need to understand what is going on with the system you are on; however, if you are running Invoke-Mimikatz.ps1 you should already have a good understanding of what you are doing.
We will start with an LSA dump. As shown in the screenshot below, the command dumps everything for LSA:
Copy and paste the command that has been output and see what we get:
Alright, it looks like mimikatz did what it does and the commands we put in were correct. Now that we have this, let's try a PTH (pass-the-hash):
As shown above, it asks for the information in a question-and-answer format and then builds the copy-and-paste command below that.
Great success. Now let's look at the vault command:
We will answer Y for our demonstration.
It looks like it dropped the vault and ran vault /patch.
Continuing, we can also run both golden and silver ticket attacks. All the information we will need for these attacks can be found in the output of the LSA dump command.
And the silver ticket.
Continuing, we can also call SEKURLSA.
Lastly, we can run a DCSync attack.
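Every command in this walkthrough passes a Mimikatz module name through PowerShell, so script block logging (event ID 4104) records it. The following is an added example, not part of OGC's script or the original article: a Python triage function that labels logged script text by the techniques covered above. The rule labels, function names and sample events are assumptions constructed for illustration.

```python
import re

# Labels follow the techniques in this walkthrough; patterns are the Mimikatz
# module names that appear in the logged script text when each one is run.
RULES = [
    ("dcsync", r"lsadump::dcsync"),
    ("lsa_dump", r"lsadump::lsa"),
    ("pass_the_hash", r"sekurlsa::pth"),
    ("sekurlsa", r"sekurlsa::"),
    ("vault", r"vault::"),
    ("golden_or_silver_ticket", r"kerberos::golden"),
    ("loader", r"invoke-mimikatz|mimikatz-everything"),
]
COMPILED = [(label, re.compile(pat, re.I)) for label, pat in RULES]

def normalize(script_text):
    """Strip backticks and join 'a'+'b' literals so split keywords still match."""
    text = script_text.replace("`", "")
    return re.sub(r"['\"]\s*\+\s*['\"]", "", text)

def classify(script_text):
    """Return the sorted technique labels found in one script block."""
    text = normalize(script_text)
    return sorted({label for label, rx in COMPILED if rx.search(text)})

def triage(events):
    """events: iterable of (record_id, script_text) taken from event ID 4104.
    Returns {record_id: labels} for script blocks with at least one hit."""
    hits = {}
    for record_id, script_text in events:
        labels = classify(script_text)
        if labels:
            hits[record_id] = labels
    return hits

# Constructed sample script-block text (not captured from a real host).
SAMPLE_EVENTS = [
    (101, "Get-ChildItem C:\\Users | Select-Object Name"),
    (102, "Invoke-Mimikatz -Command '\"lsadump::lsa /patch\"'"),
    (103, "Invoke-Mimikatz -Command ('\"sekur'+'lsa::pth /user:PLACEHOLDER\"')"),
    (104, "Invoke-Mimi`katz -Command '\"lsadump::dcsync /user:PLACEHOLDER\"'"),
    (105, "Invoke-Mimikatz -Command '\"vault::cred /patch\"'"),
]

if __name__ == "__main__":
    for rid, labels in triage(SAMPLE_EVENTS).items():
        print(rid, labels)
```

Keyword rules like these only see what script block logging captured, so they belong alongside LSASS access and directory replication monitoring rather than in place of them.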
Hopefully the mimikatz-everything script is helpful. Thanks for reading.
https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1