Benjamin DELPY
0c611b1445
Merge pull request #439 from chunhualiu/master
...
[change] Convert pointer to DWORD_PTR first to eliminate compile warning
2024-01-05 10:06:47 +01:00
Chunhua Liu
59852b7813
[change] Convert pointer to DWORD_PTR first to eliminate compile warning.
2024-01-05 16:56:17 +08:00
Benjamin DELPY
ac143b45a5
Merge pull request #432 from SLiNv/master
...
Added Windows 11's Structure offset and updated key+IV offset for decryption
2023-11-09 23:47:40 +01:00
blackcat
a2ac617638
Updated LsaSrvReferences and LsaInitializeProtectedMemory_KEY for parsing Windows 11's dump file
2023-08-03 01:55:55 -07:00
Benjamin DELPY
a1fe3421cc
Update appveyor.yml
2023-07-24 10:56:21 +02:00
Benjamin DELPY
ee4c009b6e
Update appveyor.yml
2023-07-24 10:44:26 +02:00
Benjamin DELPY
f714190d95
Update appveyor.yml
2023-07-24 10:42:50 +02:00
Benjamin DELPY
9ee2e84129
Update appveyor.yml
2023-07-24 10:40:51 +02:00
Benjamin DELPY
6301d4d50d
Update appveyor.yml
2023-07-24 10:37:08 +02:00
Benjamin DELPY
fdce5e8b5c
Update appveyor.yml
2023-07-24 10:14:02 +02:00
Benjamin DELPY
c78b1cf37c
Revert to Visual Studio 2013 (due to an error in Microsoft headers, can't build in Win32)
2022-09-19 23:24:53 +02:00
Benjamin DELPY
ba53e96214
Trying Visual Studio 2019 build
2022-09-19 22:57:29 +02:00
Benjamin DELPY
82cb7eb237
[legacy] Some love for Windows XP (RtlDecryptMemory instead of CryptUnprotectMemory - did not exist)
2022-09-19 22:50:46 +02:00
Benjamin DELPY
746e2116d1
[legacy] Backport djoin parser & citrix SSO password extractor
2022-09-19 14:57:55 +02:00
Benjamin DELPY
a2271237d1
Merge pull request #400 from dmb2168/master
...
cloudap support for versions > 1909
2022-07-29 21:34:40 +02:00
Benjamin DELPY
f6024687f0
Merge pull request #362 from hubert3/master
...
Fix crypto::cng on Windows 10 x64 1909, 2004, 20H2, 21H2
2022-07-26 10:24:24 +02:00
hubert3
46952800a3
Fix crypto::cng patching on Windows 10 x64 21H2 (ncryptprov.dll 10.0.19041.1202), add comments with DLL versions for last 4 Windows builds
2022-07-26 17:40:27 +10:00
hubert3
729302c9f7
Add #define for Windows 10 21H2 (November 2021 Update) build version 19044
2022-07-26 17:38:10 +10:00
hubert3
161967de41
Fix crypto::cng on Windows 10 20H2 (aka version 2009 / build 19042) x64 to enable non-exportable private key export
2022-07-21 22:38:57 +10:00
hubert3
a952a601b5
Merge branch 'gentilkiwi:master' into master
2022-07-21 12:30:19 +10:00
dbienstock
da34c29e45
cloudap support for versions > 1909. sort of hacky
2022-07-07 17:27:48 -04:00
Benjamin DELPY
b401761f30
[new] Add Citrix Workspace saved password decryption in dpapi::citrix
2022-04-02 17:46:14 +02:00
Benjamin DELPY
501465faa1
Update README.md
2021-09-17 20:05:32 +02:00
Benjamin DELPY
14bbd5cb3a
[new] lsadump::dcsync try to support /laps
...
[internal] ldap supports authentication
[internal] rpc cleanup for EFS
[internal] sekurlsa skeleton for 11/2022
2021-09-07 00:19:15 +02:00
Benjamin DELPY
17669a9d5d
Merge pull request #371 from matrix/dcsync_bitlocker
...
Dump ms-FVE-RecoveryInformation (Bitlocker Recovery Information) with DCSync
2021-09-05 19:28:59 +02:00
Benjamin DELPY
0581c93cb2
Update kuhl_m_lsadump_dc.c
...
More in `mimikatz` C coding style, otherwise seems good :)
2021-09-05 17:51:04 +02:00
Gabriele Gristina
293910419f
Dump Bitlocker Recovery Information with DCSync
2021-09-04 20:37:32 +02:00
Benjamin DELPY
57bad57f81
Update README.md
2021-08-12 19:34:30 +02:00
Benjamin DELPY
7f02230226
[fix] mimikatz ts::logonpassword removed junk data after credentials
2021-08-10 17:21:25 +02:00
Benjamin DELPY
d05fa5d43f
[fix] mimikatz ts::logonpasswords search routines for Web credentials, thank you Lawrence Abrams (@Bleeping)
2021-08-10 01:59:35 +02:00
Benjamin DELPY
8c125e9636
[new] mimikatz ts::logonpasswords now tries to get credentials from Web RDS (HTLM 5) connections
2021-08-07 23:30:17 +02:00
Benjamin DELPY
b5efa87e43
[update] mimispool PowerShell commands to use only one printer, from Microsoft
2021-07-30 23:18:04 +02:00
Benjamin DELPY
b109ff64da
Create README.md
2021-07-30 01:42:02 +02:00
Benjamin DELPY
e93375dc8a
[fix] adding advapi32.lib to link against modern version of MSVC
2021-07-29 11:30:10 +02:00
Benjamin DELPY
247da32854
[new] mimispool module to support PrintNightmare 2.x and 4.x
...
[new] mimispool module now try to pop SYSTEM cmd on all active desktops
[new] mimikatz misc::printnightmare try to clean temporary printer driver (not available by default on remote ones)
2021-07-29 11:23:38 +02:00
Benjamin DELPY
2a5b839224
[enhancement] misc::spooler now supports transport authentication (SMB named pipe)
2021-07-25 00:49:52 +02:00
hubert3
aeda2f7f11
Merge branch 'master' of https://github.com/gentilkiwi/mimikatz
2021-07-23 14:10:50 +10:00
Benjamin DELPY
dc1e3347a5
[new] mimikatz misc::efs to play with [MS-EFSR], inspired by @topotam work on PetitPotam
2021-07-23 01:26:49 +02:00
hubert3
c0a8dc667e
Merge branch 'master' of https://github.com/gentilkiwi/mimikatz
2021-07-22 16:13:10 +10:00
Benjamin DELPY
ba3c2c66f6
[new] mimikatz misc::shadowcopies (to display some properties without admin rights)
...
[new] mimikatz mimispool module includes some functions for printnigtmare v3/v4 (must be recompiled after adjust)
[internal] new ntdll.min.lib to call NtOpenDirectoryObject/NtQueryDirectoryObject
2021-07-21 23:50:54 +02:00
hubert3
6825c58516
Fix crypto::cng on Windows 10 x64 version 1909 (ERROR kull_m_patch_genericProcessOrServiceFromBuild ; kull_m_patch (0x00000000))
...
Non-exportable private key export succeeds with crypto::certificates /systemstore:local_machine /export
Tested with: Win10 Pro x64 Version 1909 Build 18363.1556 (ncryptprov.dll 10.0.18362.1411)
Also works on Win10 Pro x64 Version 2004 Build 19041.804 (ncryptprov.dll 10.0.19041.662)
2021-07-21 23:49:44 +10:00
Benjamin DELPY
c8920c74b2
[clean] version, copyright & project
2021-07-14 18:57:30 +02:00
Benjamin DELPY
571fc8cc99
[fix] mimikatz as DLL, new console is not mandatory
2021-07-14 17:37:12 +02:00
Benjamin DELPY
fc7f5cc2a3
[new] mimikatz misc::printnightmare rewrited :) (more love inside)
...
[fix #359 ] internal busylight module (less memory leak ;)) - thank you @JohnLaTwC
2021-07-09 23:27:22 +02:00
Benjamin DELPY
baaa26116a
[new] mimikatz misc::printnightmare will normalize UNC path for library (\\ to \??\UNC\)
2021-07-07 15:14:41 +02:00
Benjamin DELPY
b71f27b634
[fix] mimikatz misc::printnightmare output and functions names
2021-07-06 22:44:06 +02:00
Benjamin DELPY
bb8ccea8d9
[new] mimikatz misc::printnightmare LPE support under certain circumstances (Point & Print / UAC)
2021-07-06 17:28:56 +02:00
Benjamin DELPY
8a2302ae64
[new] mimikatz misc::printnightmare added a /clean parameters to remove `mimikatz-*` drivers (admin rights needed), and list drivers if no command
2021-07-05 23:44:37 +02:00
Benjamin DELPY
51dc7c0363
[fix] mimikatz misc::printnightmare with @citronneur idea to avoid 'bruteforce' directories
...
[new] mimispool library (specific fail at load to avoid lock)
2021-07-05 15:02:26 +02:00
Benjamin DELPY
9ad02da948
[new] mimikatz misc::printnightmare now uses [ms-par] instead of [ms-rprn], thank you @cube0x0
2021-07-04 22:29:12 +02:00