mimikatz: add pages (#17405)

Co-authored-by: Managor <[email protected]>

Author: SpikeTheDragon40k

pages/windows/mimikatz-crypto.md

@@ -0,0 +1,16 @@
+# mimikatz crypto
+
+> Manipulate Windows cryptographic services and certificates.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List cryptographic providers:
+
+`mimikatz "crypto::providers"`
+
+- List keys in a cryptographic provider:
+
+`mimikatz "crypto::capi"`
+
+- Export certificates and keys:
+
+`mimikatz "crypto::certificates /export"`

pages/windows/mimikatz-dpapi.md

@@ -0,0 +1,16 @@
+# mimikatz dpapi
+
+> Interact with the Windows Data Protection API (DPAPI).
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List master keys:
+
+`mimikatz "dpapi::masterkey /list"`
+
+- Decrypt a DPAPI blob:
+
+`mimikatz "dpapi::blob /in:blob_file.bin"`
+
+- Retrieve Chrome credentials using DPAPI:
+
+`mimikatz "dpapi::chrome /in:Login Data"`

pages/windows/mimikatz-event.md

@@ -0,0 +1,12 @@
+# mimikatz event
+
+> Manage Windows Event Log records.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Clear event logs:
+
+`mimikatz "event::clear"`
+
+- Display event log sources:
+
+`mimikatz "event::providers"`

pages/windows/mimikatz-kerberos.md

@@ -0,0 +1,16 @@
+# mimikatz kerberos
+
+> Interact with Kerberos tickets.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List current Kerberos tickets:
+
+`mimikatz "kerberos::list"`
+
+- Purge all Kerberos tickets:
+
+`mimikatz "kerberos::purge"`
+
+- Inject a ticket from a `.kirbi` file:
+
+`mimikatz "kerberos::ptt ticket.kirbi"`

pages/windows/mimikatz-lsadump.md

@@ -0,0 +1,17 @@
+# mimikatz lsadump
+
+> Dump secrets from the Windows Local Security Authority (LSA).
+> Requires SYSTEM privileges.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Dump SAM hashes:
+
+`mimikatz "lsadump::sam"`
+
+- Dump secrets from the SECURITY hive:
+
+`mimikatz "lsadump::secrets"`
+
+- Dump cached domain credentials:
+
+`mimikatz "lsadump::cache"`

pages/windows/mimikatz-misc.md

@@ -0,0 +1,16 @@
+# mimikatz misc
+
+> Miscellaneous system and utility commands.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Trigger Blue Screen of Death (for testing):
+
+`mimikatz "misc::bsod"`
+
+- List loaded kernel drivers:
+
+`mimikatz "misc::minidump"`
+
+- Change system time:
+
+`mimikatz "misc::systemtime"`

pages/windows/mimikatz-net.md

@@ -0,0 +1,16 @@
+# mimikatz net
+
+> Perform network and domain operations.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List domain users:
+
+`mimikatz "net::users"`
+
+- List domain computers:
+
+`mimikatz "net::computers"`
+
+- Retrieve domain controller information:
+
+`mimikatz "net::domaincontrollers"`

pages/windows/mimikatz-privilege.md

@@ -0,0 +1,12 @@
+# mimikatz privilege
+
+> Manage privileges for mimikatz operations.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Enable debug privilege (required for many modules):
+
+`mimikatz "privilege::debug"`
+
+- Check current privilege state:
+
+`mimikatz "privilege::whoami"`

pages/windows/mimikatz-process.md

@@ -0,0 +1,12 @@
+# mimikatz process
+
+> Manage process privileges and tokens.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List processes with their tokens:
+
+`mimikatz "process::list"`
+
+- Elevate mimikatz to a SYSTEM process:
+
+`mimikatz "process::token /user:NT AUTHORITY\SYSTEM"`

pages/windows/mimikatz-sekurlsa.md

@@ -0,0 +1,17 @@
+# mimikatz sekurlsa
+
+> Extract credentials and secrets from memory.
+> Requires debug privileges.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Extract plaintext passwords:
+
+`mimikatz "sekurlsa::logonpasswords"`
+
+- List Kerberos tickets in memory:
+
+`mimikatz "sekurlsa::tickets"`
+
+- Dump LSA secrets:
+
+`mimikatz "sekurlsa::secrets"`