Koadic

Choose your stager.
    regsvr and mshta seem to work well.
   
After you have a zombie, run other toys
    implant/elevate/bypassuac_
        set payload to 0 on this
   
    Once you have an admin session you can dump the hashes:
        implant/gather/hashdump_sam
       
    You can scan the internal network:
        implant/scan/tcp

Mimikatz works well for me, as long as you have an admin session. You can tell by running zombies by itself: under the ID column, an asterisk (*) means that zombie has an admin session.


Binary files are stored here: /pentest/post-exploitation/koadic/data/bin
Note: I installed my version through the PTF tool by Dave K., which is why the path above starts with /pentest.