111b47a67b
Crypto, crypto everywhere...
...
[new] crypto::providers and crypto::certificates now list provider types
[internal] Removed kull_m_crypto_crc32 routine from crypto module, relies now on cryptdll using CALG_CRC32 with kull_m_crypto_hash
[internal] Removed incorrect usage of BOOL instead of NTSTATUS in kuhl_m_pac_validationInfo_to_PAC
2016-01-17 00:36:41 +01:00
34d1d0f573
Crypto & Kerberos enhancements
...
- [fix] dpapi::capi now deals with AT_SIGNATURE keys
- [fix] sekurlsa::kerberos / kerberos:: encryption type are now signed
- [new] kerberos::ask to ask / save TGS from current TGT
- [new] crypto::system to describe/to export Windows System Certificate (cert, crl, ctl, keyid)
- [internal] smaller banner for smaller displays
- [internal] Copyrights for 2016
- [internal] kull_m_file can deal with environment-variable strings in paths
- [internal] kull_m_crypto new types for CERT_PROP_*_ID
2016-01-12 03:13:12 +01:00
fbb32cdcfa
MSV & Kerberos fixes, LSA and Privilege enhancements
...
- [fix] sekurlsa::msv & mimilib for Windows 10 build 10586
- [fix #20 ] sekurlsa::tickets (display & export) for NT 6 != Windows 10
- [close #16 ] kerberos::golden now with ~NetBios name in LogonDomainName field of the PAC
- [new] privilege module shortcuts (driver, security, tcb, backup, restore) and functions (by id or name)
- [new] lsadump::dcsync and lsadump::lsa /inject 'NTLM-Strong-NTOWF' in Supplemental Credentials structures (Windows 2016 TP 4)
- [internal] NtSetSystemInformation can now be used in code
2016-01-06 02:46:28 +01:00
1b130574ed
mimikatz & mimilib sekurlsa module ready for Windows 10 build 10586
2015-11-13 00:47:56 +01:00
71015c7081
mimikatz: updated to build with hid.lib
2015-11-09 23:45:49 +01:00
2576d59c8b
Kiwi & René Coty BusyLight mode
2015-10-09 00:40:50 +02:00
5d20400f6c
mimikatz + mimilib sekurlsa fix for SmartCard informations
2015-10-05 01:08:45 +02:00
42993f5102
sekurlsa::kerberos - Fix SmartCard pin code
2015-09-30 00:40:32 +02:00
76e68a5f23
sekurlsa::pth Auto-impersonation (/impersonate)
2015-09-27 00:21:58 +02:00
91b3957211
lsadump::dcsync fix for with 2012r2 AD Recycle Bin
...
Thank you to @asolino, @mubix & @carnal0wnage !
2015-09-16 22:19:19 +02:00
5f12ced3fb
Enhancements
...
* Code cleaning
2015-09-06 19:34:30 +02:00
bea89c67e4
kerberos::golden : fix for groups printing.
2015-09-02 01:30:12 +02:00
ecf3fd5289
lsadump::dcsync autoselect a domain controller with Directory Service (DIRECTORY_SERVICE)
2015-09-02 01:00:45 +02:00
c322dc582f
Cleaning & few Win10 adaptations
2015-08-30 22:01:05 +02:00
a2d50caa83
Licence fix on one missed file by AnkhSVN ;)
2015-08-25 11:24:53 +02:00
8b8eaf0201
Global licence update, credits to Vincent LE TOUX for DCSync, and lsadump::hash moved to crypto::hash
2015-08-25 11:19:01 +02:00
ae041e0ece
lsadump::dcsync - XP and 2003 don't allow QueryContextAttributes for SECPKG_ATTR_SESSION_KEY when using NTLM protocol in userland, forcing Kerberos instead (Negociate otherwise).
...
Thanks @asolino for letting me show!
2015-08-24 12:21:52 +02:00
b2687e3085
DRSR error printing
2015-08-24 01:57:20 +02:00
bdab94dfff
DRSR fixes
2015-08-23 22:50:21 +02:00
a3c105af16
lsadump::dcsync and net::user updates
2015-08-17 00:18:04 +02:00
9c21b2f70d
lsadump::dcsync cleaning (it frees the memory!), and domain autodetect
2015-08-13 01:11:27 +02:00
7717b7a717
DCSync in mimikatz & for XP/2003
2015-08-11 01:27:13 +02:00
19425cc81c
WDigest for Windows 10 & lsadump::trust fix
2015-08-09 00:57:56 +02:00
f7c4ccbe3f
Fix on normal DPAPI unprotect
2015-07-29 01:10:48 +02:00
10c317014e
Fix for newling in fgetws
2015-07-26 22:30:42 +02:00
e6924b75ed
Compatible with Visual Studio 2015
2015-07-24 00:20:34 +02:00
c00b9cfab3
DPAPI vault IV for @dfirfpi
2015-07-21 04:11:25 +02:00
1265e86bfe
README update for VS 2013 Express + user32.lib for mimilove
2015-07-19 17:10:43 +02:00
f686a7400d
mimilove DC support (large table handle instead of small)
2015-07-19 15:15:31 +02:00
9bac6378c6
mimilove for Windows 2000 <3
2015-07-19 02:34:06 +02:00
5084e9d803
Thanks to @dfirfpi new samples, some cool adaptations!
2015-07-16 01:19:48 +02:00
f527ec2297
Removed unused var 'j' :)
2015-07-15 01:15:28 +02:00
3172c1dc23
DPAPI credentials (legacy & vault)
2015-07-15 01:13:21 +02:00
6aa1836e41
Kerberos tickets with External SID
2015-06-29 00:37:49 +02:00
67f7f8c466
DPAPI oe auto provisioning & DPAPI_SYSTEM memory reading
2015-06-26 01:22:02 +02:00
5766e29f33
DPAPI oe starting
2015-06-22 01:31:26 +02:00
81b9af79ef
Unprotect CNG & CAPI from all keys
2015-06-19 01:19:01 +02:00
c622d6ae42
Fix on key export
2015-06-18 02:21:33 +02:00
841deedbf8
DPAPI for CAPI & CNG
2015-06-18 02:18:17 +02:00
bcac477384
DPAPI Masterkeys (normal, backup, domain)
2015-06-14 02:46:21 +02:00
60a71a7951
DPAPI & Crypto
2015-06-07 23:19:28 +02:00
552fe7ac51
Crypto and DPAPI cleaning
2015-06-03 02:13:43 +02:00
64ba9534ba
LsaRetrievePrivateData without shellcode and support for remote via LSA RPC
2015-05-30 00:00:57 +02:00
8c783af863
PFX from key and certificate
2015-05-25 22:22:26 +02:00
45cade5b76
DPAPI Backup keys export from memory cache (sekurlsa + WinDBG), WinDBG LSAIso support
2015-05-25 00:24:46 +02:00
627041252b
DPAPI Backup keys export
2015-05-23 23:49:04 +02:00
d7a76c08c8
Fix Yara :)
2015-05-16 00:14:22 +02:00
a36e552549
Yara: PowerShell with PE Reflective Injection
2015-05-15 23:24:29 +02:00
ee4ab682cf
Small update to Yara rules
2015-05-14 13:53:04 +02:00
65e1249269
Yara rules
2015-05-10 22:15:08 +02:00
Benjamin DELPY