Commit Graph

347 Commits

Author SHA1 Message Date
Benjamin DELPY 0c611b1445
Merge pull request #439 from chunhualiu/master
[change] Convert pointer to DWORD_PTR first to eliminate compile warning
2024-01-05 10:06:47 +01:00
Chunhua Liu 59852b7813 [change] Convert pointer to DWORD_PTR first to eliminate compile warning. 2024-01-05 16:56:17 +08:00
Benjamin DELPY ac143b45a5
Merge pull request #432 from SLiNv/master
Added Windows 11's Structure offset and updated key+IV offset for decryption
2023-11-09 23:47:40 +01:00
blackcat a2ac617638 Updated LsaSrvReferences and LsaInitializeProtectedMemory_KEY for parsing Windows 11's dump file 2023-08-03 01:55:55 -07:00
Benjamin DELPY a1fe3421cc
Update appveyor.yml 2023-07-24 10:56:21 +02:00
Benjamin DELPY ee4c009b6e
Update appveyor.yml 2023-07-24 10:44:26 +02:00
Benjamin DELPY f714190d95
Update appveyor.yml 2023-07-24 10:42:50 +02:00
Benjamin DELPY 9ee2e84129
Update appveyor.yml 2023-07-24 10:40:51 +02:00
Benjamin DELPY 6301d4d50d
Update appveyor.yml 2023-07-24 10:37:08 +02:00
Benjamin DELPY fdce5e8b5c
Update appveyor.yml 2023-07-24 10:14:02 +02:00
Benjamin DELPY c78b1cf37c Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32) 2022-09-19 23:24:53 +02:00
Benjamin DELPY ba53e96214 Trying Visual Studio 2019 build 2022-09-19 22:57:29 +02:00
Benjamin DELPY 82cb7eb237 [legacy] Some love for Windows XP (RtlDecryptMemory instead of CryptUnprotectMemory - did not exist) 2022-09-19 22:50:46 +02:00
Benjamin DELPY 746e2116d1 [legacy] Backport djoin parser & citrix SSO password extractor 2022-09-19 14:57:55 +02:00
Benjamin DELPY a2271237d1
Merge pull request #400 from dmb2168/master
cloudap support for versions > 1909
2022-07-29 21:34:40 +02:00
Benjamin DELPY f6024687f0
Merge pull request #362 from hubert3/master
Fix crypto::cng on Windows 10 x64 1909, 2004, 20H2, 21H2
2022-07-26 10:24:24 +02:00
hubert3 46952800a3 Fix crypto::cng patching on Windows 10 x64 21H2 (ncryptprov.dll 10.0.19041.1202), add comments with DLL versions for last 4 Windows builds 2022-07-26 17:40:27 +10:00
hubert3 729302c9f7 Add #define for Windows 10 21H2 (November 2021 Update) build version 19044 2022-07-26 17:38:10 +10:00
hubert3 161967de41 Fix crypto::cng on Windows 10 20H2 (aka version 2009 / build 19042) x64 to enable non-exportable private key export 2022-07-21 22:38:57 +10:00
hubert3 a952a601b5
Merge branch 'gentilkiwi:master' into master 2022-07-21 12:30:19 +10:00
dbienstock da34c29e45 cloudap support for versions > 1909. sort of hacky 2022-07-07 17:27:48 -04:00
Benjamin DELPY b401761f30 [new] Add Citrix Workspace saved password decryption in dpapi::citrix 2022-04-02 17:46:14 +02:00
Benjamin DELPY 501465faa1
Update README.md 2021-09-17 20:05:32 +02:00
Benjamin DELPY 14bbd5cb3a [new] lsadump::dcsync try to support /laps
[internal] ldap supports authentication
[internal] rpc cleanup for EFS
[internal] sekurlsa skeleton for 11/2022
2021-09-07 00:19:15 +02:00
Benjamin DELPY 17669a9d5d
Merge pull request #371 from matrix/dcsync_bitlocker
Dump ms-FVE-RecoveryInformation (Bitlocker Recovery Information) with DCSync
2021-09-05 19:28:59 +02:00
Benjamin DELPY 0581c93cb2
Update kuhl_m_lsadump_dc.c
More in `mimikatz` C coding style, otherwise seems good :)
2021-09-05 17:51:04 +02:00
Gabriele Gristina 293910419f Dump Bitlocker Recovery Information with DCSync 2021-09-04 20:37:32 +02:00
Benjamin DELPY 57bad57f81
Update README.md 2021-08-12 19:34:30 +02:00
Benjamin DELPY 7f02230226 [fix] mimikatz ts::logonpassword removed junk data after credentials 2021-08-10 17:21:25 +02:00
Benjamin DELPY d05fa5d43f [fix] mimikatz ts::logonpasswords search routines for Web credentials, thank you Lawrence Abrams (@Bleeping) 2021-08-10 01:59:35 +02:00
Benjamin DELPY 8c125e9636 [new] mimikatz ts::logonpasswords now tries to get credentials from Web RDS (HTML 5) connections 2021-08-07 23:30:17 +02:00
Benjamin DELPY b5efa87e43 [update] mimispool PowerShell commands to use only one printer, from Microsoft 2021-07-30 23:18:04 +02:00
Benjamin DELPY b109ff64da
Create README.md 2021-07-30 01:42:02 +02:00
Benjamin DELPY e93375dc8a [fix] adding advapi32.lib to link against modern version of MSVC 2021-07-29 11:30:10 +02:00
Benjamin DELPY 247da32854 [new] mimispool module to support PrintNightmare 2.x and 4.x
[new] mimispool module now tries to pop SYSTEM cmd on all active desktops
[new] mimikatz misc::printnightmare tries to clean temporary printer driver (not available by default on remote ones)
2021-07-29 11:23:38 +02:00
Benjamin DELPY 2a5b839224 [enhancement] misc::spooler now supports transport authentication (SMB named pipe) 2021-07-25 00:49:52 +02:00
hubert3 aeda2f7f11 Merge branch 'master' of https://github.com/gentilkiwi/mimikatz 2021-07-23 14:10:50 +10:00
Benjamin DELPY dc1e3347a5 [new] mimikatz misc::efs to play with [MS-EFSR], inspired by @topotam work on PetitPotam 2021-07-23 01:26:49 +02:00
hubert3 c0a8dc667e Merge branch 'master' of https://github.com/gentilkiwi/mimikatz 2021-07-22 16:13:10 +10:00
Benjamin DELPY ba3c2c66f6 [new] mimikatz misc::shadowcopies (to display some properties without admin rights)
[new] mimikatz mimispool module includes some functions for printnightmare v3/v4 (must be recompiled after adjust)
[internal] new ntdll.min.lib to call NtOpenDirectoryObject/NtQueryDirectoryObject
2021-07-21 23:50:54 +02:00
hubert3 6825c58516 Fix crypto::cng on Windows 10 x64 version 1909 (ERROR kull_m_patch_genericProcessOrServiceFromBuild ; kull_m_patch (0x00000000))
Non-exportable private key export succeeds with crypto::certificates /systemstore:local_machine /export
Tested with:  Win10 Pro x64 Version 1909 Build 18363.1556 (ncryptprov.dll 10.0.18362.1411)
Also works on Win10 Pro x64 Version 2004 Build 19041.804  (ncryptprov.dll 10.0.19041.662)
2021-07-21 23:49:44 +10:00
Benjamin DELPY c8920c74b2 [clean] version, copyright & project 2021-07-14 18:57:30 +02:00
Benjamin DELPY 571fc8cc99 [fix] mimikatz as DLL, new console is not mandatory 2021-07-14 17:37:12 +02:00
Benjamin DELPY fc7f5cc2a3 [new] mimikatz misc::printnightmare rewritten :) (more love inside)
[fix #359] internal busylight module (less memory leak ;)) - thank you @JohnLaTwC
2021-07-09 23:27:22 +02:00
Benjamin DELPY baaa26116a [new] mimikatz misc::printnightmare will normalize UNC path for library (\\ to \??\UNC\) 2021-07-07 15:14:41 +02:00
Benjamin DELPY b71f27b634 [fix] mimikatz misc::printnightmare output and functions names 2021-07-06 22:44:06 +02:00
Benjamin DELPY bb8ccea8d9 [new] mimikatz misc::printnightmare LPE support under certain circumstances (Point & Print / UAC) 2021-07-06 17:28:56 +02:00
Benjamin DELPY 8a2302ae64 [new] mimikatz misc::printnightmare added a /clean parameter to remove `mimikatz-*` drivers (admin rights needed), and list drivers if no command 2021-07-05 23:44:37 +02:00
Benjamin DELPY 51dc7c0363 [fix] mimikatz misc::printnightmare with @citronneur idea to avoid 'bruteforce' directories
[new] mimispool library (specific fail at load to avoid lock)
2021-07-05 15:02:26 +02:00
Benjamin DELPY 9ad02da948 [new] mimikatz misc::printnightmare now uses [ms-par] instead of [ms-rprn], thank you @cube0x0 2021-07-04 22:29:12 +02:00