Last active
August 21, 2025 16:06
-
-
Save Raikia/66ba8279971d16770e94 to your computer and use it in GitHub Desktop.
Revisions
-
Raikia revised this gist
Mar 25, 2016 . 1 changed file with 2 additions and 0 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,7 @@ Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password" First, before using these parsers, run: "dos2unix mimikatz_dump.txt" Mimikatz 1.0: cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u -
Mar 25, 2016 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -5,7 +5,7 @@ Mimikatz 1.0: cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons): cat mimikatz_dump.txt | pcregrep -M 'Username\s+:\s+[^\s]+\n.*Domain\s+:\s+[^\s]+\n.*Password\s+:\s+[^\s]+\n' | sed "s/'/\\\'/" | xargs -L 3 echo | grep -v '\(null\)' | sed -e 's/* Username : //g;s/* Domain ://g;s/* Password ://g' | awk '{print $2 "\\" $1 ":" $3}' | sort -u -
Mar 25, 2016 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,18 @@ Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password" Mimikatz 1.0: cat mimikatz_dump.txt | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u Mimikatz 2.0: cat mimikatz_dump.txt | pcregrep -M 'Username\s+:\s+[^\s]+\n.*Domain\s+:\s+[^\s]+\n.*Password\s+:\s+[^\s]+\n' | sed "s/'/\\\'/" | xargs -L 3 echo | grep -v '\(null\)' | sed -e 's/* Username : //g;s/* Domain ://g;s/* Password ://g' | awk '{print $2 "\\" $1 ":" $3}' | sort -u Pretty useful! https://github.com/Raikia https://twitter.com/raikiasec @raikiasec