Commit Graph

176 Commits

Author SHA1 Message Date
Benjamin DELPY 746e2116d1 [legacy] Backport djoin parser & citrix SSO password extractor 2022-09-19 14:57:55 +02:00
Benjamin DELPY 14bbd5cb3a [new] lsadump::dcsync tries to support /laps
[internal] ldap supports authentication
[internal] rpc cleanup for EFS
[internal] sekurlsa skeleton for 11/2022
2021-09-07 00:19:15 +02:00
Gabriele Gristina 293910419f Dump Bitlocker Recovery Information with DCSync 2021-09-04 20:37:32 +02:00
Benjamin DELPY d05fa5d43f [fix] mimikatz ts::logonpasswords search routines for Web credentials, thank you Lawrence Abrams (@Bleeping) 2021-08-10 01:59:35 +02:00
Benjamin DELPY 247da32854 [new] mimispool module to support PrintNightmare 2.x and 4.x
[new] mimispool module now tries to pop SYSTEM cmd on all active desktops
[new] mimikatz misc::printnightmare tries to clean temporary printer driver (not available by default on remote ones)
2021-07-29 11:23:38 +02:00
Benjamin DELPY dc1e3347a5 [new] mimikatz misc::efs to play with [MS-EFSR], inspired by @topotam work on PetitPotam 2021-07-23 01:26:49 +02:00
Benjamin DELPY ba3c2c66f6 [new] mimikatz misc::shadowcopies (to display some properties without admin rights)
[new] mimikatz mimispool module includes some functions for printnightmare v3/v4 (must be recompiled after adjustment)
[internal] new ntdll.min.lib to call NtOpenDirectoryObject/NtQueryDirectoryObject
2021-07-21 23:50:54 +02:00
Benjamin DELPY fc7f5cc2a3 [new] mimikatz misc::printnightmare rewritten :) (more love inside)
[fix #359] internal busylight module (fewer memory leaks ;)) - thank you @JohnLaTwC
2021-07-09 23:27:22 +02:00
Benjamin DELPY bb8ccea8d9 [new] mimikatz misc::printnightmare LPE support under certain circumstances (Point & Print / UAC) 2021-07-06 17:28:56 +02:00
Benjamin DELPY 8a2302ae64 [new] mimikatz misc::printnightmare added a /clean parameter to remove `mimikatz-*` drivers (admin rights needed), and lists drivers if no command 2021-07-05 23:44:37 +02:00
Benjamin DELPY 9ad02da948 [new] mimikatz misc::printnightmare now uses [ms-par] instead of [ms-rprn], thank you @cube0x0 2021-07-04 22:29:12 +02:00
Benjamin DELPY c21276072b [new] mimikatz misc::printnightmare little POC 2021-07-01 03:16:49 +02:00
Benjamin DELPY 835757ef1c [new] mimikatz ts::mstsc to try to dump client credentials 2021-05-25 20:34:48 +02:00
Benjamin DELPY 86679021ee [new] mimikatz ts::logonpasswords (experimental) - try to dump passwords from Terminal Server service (8.1+/2012R2+) 2021-05-17 23:49:18 +02:00
Benjamin DELPY c54f4162d5 [new] mimikatz dpapi::sccm to dump Network Accounts on endpoints 2021-05-12 22:59:46 +02:00
Benjamin DELPY 734e3f0291 [new] misc::sccm to decrypt SC_UserAccount credentials when SCCM private key access is available 2021-05-11 20:34:56 +02:00
Benjamin DELPY fe4e984055 [new] mimikatz lsadump::dcsync supports /user:sid and authentication parameters
[internal] use of real internal function names Rtl* for crypto system
2020-09-28 00:04:20 +02:00
Benjamin DELPY 460717fd36 [new] mimikatz misc::spooler 2020-09-25 22:52:24 +02:00
Benjamin DELPY 09fb1f62ab [new] mimikatz lsadump::zerologon encrypted with better arguments 2020-09-18 19:23:17 +02:00
Benjamin DELPY fa42ed93aa [new] mimikatz lsadump::postzerologon, to reinit DC password both in local store and AD
[change] https instead of http for blog :)
2020-09-17 03:17:11 +02:00
Benjamin DELPY 880c15994c [new] mimikatz lsadump::zerologon (CVE-2020-1472 @SecuraBV @djrevmoon)
[new] mimikatz lsadump::dcsync now supports NTLM auth and explicit credentials
[internal] netlogon RPC instead of NETAPI32.dll (support ncacn_ip_tcp instead of ncacn_np)
2020-09-16 12:16:07 +02:00
Benjamin DELPY ba8d11ebe1 [new] ngc::pin for software keys, ngc::decrypt for passwords, etc. 2020-08-24 06:11:42 +02:00
Benjamin DELPY 2d54a1a978 [fix #301] Not using _time32() anymore, not in XP msvcrt 2020-08-16 10:37:36 +02:00
Benjamin DELPY a2a25cc9f5 [new] mimikatz dpapi::cloudapreg to get some decrypted RefreshToken from the registry (thank you DPAPI) - not AzureAd joined
[new] mimikatz misc::ngcsign to play with signature even if you don't have access to the real key (NgcSignWithSymmetricPopKey)
2020-08-09 22:55:49 +02:00
Benjamin DELPY 755505b6f4 [new] dpapi::cloudapkd can now sign a new JWT from the Primary and various keys / context
[new] misc::aadcookie to get a new JWT for the current user
2020-08-07 02:28:29 +02:00
Benjamin DELPY 37bc5ce8d0 [new] dpapi::cloudapkd to get a derived key from PRT associated key (software or TPM) 2020-08-05 00:49:55 +02:00
Benjamin DELPY ff13496b33 [new] sekurlsa::cloudap to dump Azure PRT, session keys and DPAPI keys
[new] ngc::logondata to dump authentication slot pin and various data (kiwi use only - 2004 up to date)
[new] token::elevate option to impersonate special users
[internal] file reading supports reading with backup privilege
2020-08-04 14:06:21 +02:00
Benjamin DELPY e10ec9aa5b [fix] freeing memory with CredFree when using CredUnmarshalCredential
[fix #289] casting FIELD_OFFSET to DWORD, like each time I commit ;)
2020-06-14 12:52:08 +02:00
Benjamin DELPY 125c58b7e5 [fix #284] remove previous TPM header dependency 2020-05-03 13:30:54 +02:00
Benjamin DELPY 44ca2e648a [new] dpapi::tpm to decrypt TPM blob (no secret!)
[new] net::if (@vletoux / https://github.com/vletoux/OxidBindings )
[internal] exit functions support exiting thread instead of process
2020-05-02 20:59:56 +02:00
Benjamin DELPY a5088d9e57 [new] dpapi::create now deals with dpapi::cache to encrypt multiple masterkeys
[new] dpapi::cache saves raw keys instead of only their SHA1
2020-03-08 18:41:50 +01:00
Benjamin DELPY d07283a20d [new] dpapi::create, to create (minimalist) Masterkeys file from a raw key
[internal] kull_m_token to deal with own SID and check if local or domain
2020-03-08 13:38:11 +01:00
Benjamin DELPY a5f843b5aa [new] lsadump::dcsync full sync filters deleted accounts by default (/deleted to get them back)
[new] lsadump::dcsync full sync prints UAC (details with /uac)
[fix] includes again WinDNS.h
2020-02-26 23:40:00 +01:00
Benjamin DELPY 57b7267c30 [new] module minidump supports stream size
[new] module file read with FILE_SHARE_WRITE
[new] module crypto_sk for crypto with SecureKernel algorithms
[new] bcrypt lib to support BCryptKeyDerivation
[enhancement] LSAISO_DATA_BLOB structure & display
[experimental] sekurlsa::msv1_0 normalized structure for LsaIso
[experimental] sekurlsa::kerberos try to acquire session key from LsaIso
[experimental] sekurlsa::dpapi key from msv1_0 when LsaIso (not encrypted)
2020-02-24 23:52:47 +01:00
Benjamin DELPY b098bf37cf [new] dpapi::chrome supports AES-256-GCM decryption for new Logins & Cookies
[new] dpapi::cred & vault::cred now support double DPAPI for INET & Ivanti credentials
2020-02-08 12:42:34 +01:00
Benjamin DELPY 6972319852 [new] dpapi::masterkey now supports derivation from NTLM hash for protected user (/protected) instead of password 2020-01-23 10:12:22 +01:00
Benjamin DELPY 60033c8e75 Removing previous SQLite3 dependencies 2020-01-04 19:20:55 +01:00
Benjamin DELPY 421a4d2b2d lsadump & Chrome updates
[new] lsadump::sam support SupplementalCredentials in local SAM (close #250) - thank you @MichaelGrafnetter
[enhance] lsadump::sam with better logic in revision/flag detection (without new code), fix #99, fix #165, fix #249
[enhance] chrome::dpapi by integration of an updated SQLite3 library with less OMIT (must fix #246, no SQLITE_OMIT_AUTOINCREMENT)
2020-01-04 19:13:16 +01:00
Benjamin DELPY c832504acd Crypto, crypto everywhere
[new] crypto::capi patch DSS CSP (experimental)
[new] crypto::keys export DSA, EC keys
[new] crypto::kutil import PEM, DER, PKCS#8, CAPI blob & CNG blob when possible, convert it to PKCS#8, or make a PKCS#12 with a PEM or DER certificate
[new] dpapi::capi & dpapi::cng export private keys in PVK format for legacy (RSA & DSA) or PKCS#8 for others (like EC)
[new] crypto:: & dpapi:: keys & cert functions with more information
2020-01-02 19:31:05 +01:00
Benjamin DELPY 3c81f16b5b New DPAPI stuff & crypto
[new] dpapi::masterkey now supports SID with SYSTEM_DPAPI (for @dirkjanm services ;))
[new] dpapi::cache filter non relevant SIDs
[new] dpapi::cred now supports WinInet double DPAPI
[new] dpapi::blob /raw for hex input
[new] dpapi::blob /ascii to force ascii output (when not unicode data)
[new] crypto:: & dpapi::cng key & certificates flags from current SDK (VSM)
[new] sr98::nedap module (@iceman1001 <3)
[new] lsadump::mbc to dump MachineBoundCertificate
2019-11-25 03:03:09 +01:00
Benjamin DELPY 46bede3a8c [new] mimikatz dpapi::ps function to deal with PSCredential and SecureString XML files.
[fix #214] Fix sekurlsa key import for Windows 1809
2019-07-20 23:04:25 +02:00
Benjamin DELPY 4d4d047b50 [new] mimikatz for NT5 (XP/2003) now supports DES-X-CBC and RC4 without LSASRV.DLL (thank you @NielsFerguson) 2019-05-01 23:22:02 +02:00
Benjamin DELPY 5fc3351d7a [fix #199] Allow dpapi::chrome to open DB without lock (library update to support win32-none VFS) thank you @psychomario !
[new] net::trust adds LDAP search to get objectGuid for lsadump::dcsync usage
2019-04-12 01:25:20 +02:00
Benjamin DELPY e84c57f6cb [new] net::deleg function in mimikatz
[new] owl module for Cam
2019-03-29 03:11:00 +01:00
Benjamin DELPY b008188f9f Big update :)
[new] mimikatz & mimilib **very** experimental support for ARM64
[better] code for Mifare protocol
[better] code for sekurlsa WinDBG plugin (credential keys, still not good enough)
[new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password
[new] mimikatz: unmarshalling usernames when marshalled
[fix] mimikatz SR98/RDM/Busylight could previously crash
[fix #184] again and again ;)
[fix #172] swscanf_s VS ARRAYSIZE macro
[fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon)
[code] refactor for defined / !defined
2019-03-25 01:57:56 +01:00
Benjamin DELPY b87468c1b4 [new] mimikatz dpapi::rdg to decrypt saved passwords in RDG files (Remote Desktop Connection Manager) 2018-08-19 17:01:41 -07:00
Benjamin DELPY 56d9db738a Vegas Edition
[new] lsadump::dcshadow updates (linger, new helpers, fixes)
[new] ACR & PN532 module
2018-08-14 13:13:03 -07:00
Benjamin DELPY 0798214d73 [new] dpapi::ssh from an idea of @ropnop and for Tal Be'ery
[fix] sr98::raw blocks array (fix #149 - thank you @steelfly33)
2018-05-26 01:42:20 +02:00
Benjamin DELPY c8cb4111d7 [fix] Windows 10 1803 (17134) support (the real one this time :))
[new] RDM(830 AL) HF reader/writer basic support
2018-05-02 00:29:34 +02:00
Benjamin DELPY 83c1355682 removing specific HID library for Busylight
a generic one will come
2018-05-02 00:23:12 +02:00