Kiwi

Kiwi - Meterpreter Plugin

The Meterpreter Kiwi plugin is an advanced post-exploitation tool within the Metasploit Framework, designed to interact with and extract sensitive data from compromised Windows systems.

Kiwi is an extension of the Meterpreter payload and integrates features from Mimikatz, a widely used post-exploitation tool for extracting passwords, hashes, and credentials from Windows systems.

Key Features of Kiwi

Extract password hashes from memory
Retrieve plaintext passwords
Dump LSA secrets and SAM database credentials
Perform Kerberos ticket extraction

Using the Kiwi Plugin in Meterpreter

Load the Kiwi plugin:
```
load kiwi
```
Dump all credentials (including NTLM hashes, plaintext passwords, and Kerberos tickets):
```
creds_all
```
Dump the Security Account Manager (SAM) database:
```
lsa_dump_sam
```
- Extracts local account hashes from the SAM registry hive.
Dump LSA secrets:
```
lsa_dump_secrets
```
- Retrieves stored passwords and credentials from the Local Security Authority (LSA) subsystem.

PreviousEnumeration NextIncognito

Last updated 5 months ago