Benjamin DELPY
880c15994c
[new] mimikatz lsadump::zerologon (CVE-2020-1472 @SecuraBV @djrevmoon)
[new] mimikatz lsadump::dcsync now supports NTLM auth and explicit credentials
[internal] netlogon RPC instead of NETAPI32.dll (support ncap_ip_tcp instead of ncap_np)
2020-09-16 12:16:07 +02:00
Benjamin DELPY
ba8d11ebe1
[new] ngc::pin for software keys, ngc::decrypt for passwords, etc.
2020-08-24 06:11:42 +02:00
Benjamin DELPY
2d54a1a978
[ fix #301 ] Not using _time32() anymore, not in XP msvcrt
2020-08-16 10:37:36 +02:00
Benjamin DELPY
a2a25cc9f5
[new] mimikatz dpapi::cloudapreg to get some decrypted RefreshToken from the registry (thank you DPAPI) - not AzureAd joined
[new] mimikatz misc::ngcsign to play with signature even if you don't have access to the real key (NgcSignWithSymmetricPopKey)
2020-08-09 22:55:49 +02:00
Benjamin DELPY
755505b6f4
[new] dpapi::cloudapkd can now sign a new JWT from the Primary and various keys / context
[new] misc::aadcookie to get a new JWT for the current user
2020-08-07 02:28:29 +02:00
Benjamin DELPY
37bc5ce8d0
[new] dpapi::cloudapkd to get a derived key from PRT associated key (software or TPM)
2020-08-05 00:49:55 +02:00
Benjamin DELPY
ff13496b33
[new] sekurlsa::cloudap to dump Azure PRT, session keys and DPAPI keys
[new] ngc::logondata to dump authentication slot pin and various data (kiwi use only - 2004 up to date)
[new] token::elevate option to impersonate special users
[internal] file reading supports reading with backup privilege
2020-08-04 14:06:21 +02:00
Benjamin DELPY
e10ec9aa5b
[fix] freeing memory with CredFree when using CredUnmarshalCredential
[fix #289 ] casting FIELD_OFFSET to DWORD, like each time I commit ;)
2020-06-14 12:52:08 +02:00
Benjamin DELPY
125c58b7e5
[ fix #284 ] remove previous TPM header dependency
2020-05-03 13:30:54 +02:00
Benjamin DELPY
44ca2e648a
[new] dpapi::tpm to decrypt TPM blob (no secret !)
[new] net::if (@vletoux / https://github.com/vletoux/OxidBindings )
[internal] exit functions support exiting thread instead of process
2020-05-02 20:59:56 +02:00
Benjamin DELPY
a5088d9e57
[new] dpapi::create now deals with dpapi::cache to encrypt multiple masterkeys
[new] dpapi::cache saves raw keys instead of only SHA1 of them
2020-03-08 18:41:50 +01:00
Benjamin DELPY
d07283a20d
[new] dpapi::create, to create (minimalist) Masterkeys file from a raw key
[internal] kull_m_token to deal with own SID and check if local or domain
2020-03-08 13:38:11 +01:00
Benjamin DELPY
a5f843b5aa
[new] lsadump::dcsync full sync filters deleted accounts by default (/deleted to get them back)
[new] lsadump::dcsync full sync prints UAC (details with /uac)
[fix] includes again WinDNS.h
2020-02-26 23:40:00 +01:00
Benjamin DELPY
57b7267c30
[new] module minidump supports stream size
[new] module file read with FILE_SHARE_WRITE
[new] module crypto_sk for crypto with SecureKernel algorithms
[new] bcrypt lib to support BCryptKeyDerivation
[enhancement] LSAISO_DATA_BLOB structure & display
[experimental] sekurlsa::msv1_0 normalized structure for LsaIso
[experimental] sekurlsa::kerberos try to acquire session key from LsaIso
[experimental] sekurlsa::dpapi key from msv1_0 when LsaIso (not encrypted)
2020-02-24 23:52:47 +01:00
Benjamin DELPY
b098bf37cf
[new] dpapi::chrome supports AES-256-GCM decryption for new Logins & Cookies
[new] dpapi::cred & vault::cred now supports double DPAPI for INET & Ivanti credentials
2020-02-08 12:42:34 +01:00
Benjamin DELPY
6972319852
[new] dpapi::masterkey now supports derivation from NTLM hash for protected user (/protected) instead of password
2020-01-23 10:12:22 +01:00
Benjamin DELPY
60033c8e75
Removing previous SQLite3 dependencies
2020-01-04 19:20:55 +01:00
Benjamin DELPY
421a4d2b2d
lsadump & Chrome updates
[new] lsadump::sam support SupplementalCredentials in local SAM (close #250 ) - thank you @MichaelGrafnetter
[enhance] lsadump::sam with better logic in revision/flag detection (without new code), fix #99 , fix #165 , fix #249
[enhance] chrome::dpapi by integration of an updated SQLite3 library with less OMIT (must fix #246 , no SQLITE_OMIT_AUTOINCREMENT)
2020-01-04 19:13:16 +01:00
Benjamin DELPY
c832504acd
Crypto, crypto everywhere
[new] crypto::capi patch DSS CSP (experimental)
[new] crypto::keys export DSA, EC keys
[new] crypto::kutil import PEM, DER, PKCS#8, CAPI blob & CNG blob when possible, convert it to PKCS#8, or make a PKCS#12 with a PEM or DER certificate
[new] dpapi::capi & dpapi::cng export private keys in PVK format for legacy (RSA & DSA) or PKCS#8 for others (like EC)
[new] crypto:: & dpapi:: keys & cert functions with more information
2020-01-02 19:31:05 +01:00
Benjamin DELPY
3c81f16b5b
New DPAPI stuff & crypto
[new] dpapi::masterkey now supports SID with SYSTEM_DPAPI (for @dirkjanm services ;))
[new] dpapi::cache filter non relevant SIDs
[new] dpapi::cred now supports WinInet double DPAPI
[new] dpapi::blob /raw for hex input
[new] dpapi::blob /ascii to force ascii output (when not unicode data)
[new] crypto:: & dpapi::cng key & certificates flags from current SDK (VSM)
[new] sr98::nedap module (@iceman1001 <3)
[new] lsadump::mbc to dump MachineBoundCertificate
2019-11-25 03:03:09 +01:00
Benjamin DELPY
46bede3a8c
[new] mimikatz dpapi::ps function to deal with PSCredential and SecureString XML files.
[fix #214 ] Fix sekurlsa key import for Windows 1809
2019-07-20 23:04:25 +02:00
Benjamin DELPY
4d4d047b50
[new] mimikatz for NT5 (XP/2003) now supports DES-X-CBC and RC4 without LSASRV.DLL (thank you @NielsFerguson)
2019-05-01 23:22:02 +02:00
Benjamin DELPY
5fc3351d7a
[ fix #199 ] Allow dpapi::chrome to open DB without lock (library update to support win32-none VFS) thank you @psychomario !
[new] net::trust adds LDAP search to get objectGuid for lsadump::dcsync usage
2019-04-12 01:25:20 +02:00
Benjamin DELPY
e84c57f6cb
[new] net::deleg function in mimikatz
[new] owl module for Cam
2019-03-29 03:11:00 +01:00
Benjamin DELPY
b008188f9f
Big update :)
[new] mimikatz & mimilib **very** experimental support for ARM64
[better] code for Mifare protocol
[better] code for sekurlsa WinDBG plugin (credential keys, still not good enough)
[new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password
[new] mimikatz: unmarshalling usernames when marshalled
[fix] mimikatz SR98/RDM/Busylight could previously crash
[fix #184 ] again and again ;)
[fix #172 ] swscanf_s VS ARRAYSIZE macro
[fix #127 ] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon)
[code] refactor for defined / !defined
2019-03-25 01:57:56 +01:00
Benjamin DELPY
b87468c1b4
[new] mimikatz dpapi::rdg to decrypt saved passwords in RDG files (Remote Desktop Connection Manager)
2018-08-19 17:01:41 -07:00
Benjamin DELPY
56d9db738a
Vegas Edition
[new] lsadump::dchadow updates (linger, new helpers, fixes)
[new] ACR & PN532 module
2018-08-14 13:13:03 -07:00
Benjamin DELPY
0798214d73
[new] dpapi::ssh from an idea of @ropnop and for Tal Be'ery
[fix] sr98::raw blocks array (fix #149 - thank you @steelfly33)
2018-05-26 01:42:20 +02:00
Benjamin DELPY
c8cb4111d7
[fix] Windows 10 1803 (17134) support (the real one this time :))
[new] RDM(830 AL) HF reader/writer basic support
2018-05-02 00:29:34 +02:00
Benjamin DELPY
83c1355682
removing specific HID library for Busylight
a generic one will come
2018-05-02 00:23:12 +02:00
Benjamin DELPY
a0f243b335
[fix] don't ask me why, but fixing previous SVN commit
2018-04-24 01:23:31 +02:00
Benjamin DELPY
2f66115ccd
[fix] Passing the hash issue when replacing password in some Windows 10 versions
[fix] kerberos & crypto FindFile issue when enumerating kirbi & certificate files in directories
[fix] adding Fci.h file in includes
[new] kerberos::golden can make tickets without PAC when avoiding the /sid parameters
[new] crypto::sc tries to get information from readers without cards
[new] sr98:: module to deal with LF writer and T5577 cards
2018-04-24 01:21:00 +02:00
Benjamin DELPY
696ff18f11
[new] lsadump::cache can extract NTLM hash from SmartCard local cache (cc: @asolino)
[fix #133 ] Casting to ULONG result of the FIELD_OFFSET macro in lsasdump_dc module
2018-03-18 00:24:05 +01:00
Benjamin DELPY
448bf35019
[internal] IDL_DRSVerifyNames
2018-02-08 02:26:36 +01:00
Benjamin DELPY
3d8be22fff
[fix] a lot of @vletoux error checking ;)
2018-02-06 00:16:51 +01:00
Benjamin DELPY
bef58c833c
[fix] lsadump::dcshadow now supports renamed domains (ms-DS-ReplicationEpoch)
2018-02-05 02:07:47 +01:00
Benjamin DELPY
3a43901dd8
[new] lsadump::sam with LM/NTLM history
[change] lsadump::dcshadow code / DC functional level version in text
2018-02-03 23:29:33 +01:00
Benjamin DELPY
ab18bd103a
Pushing @vletoux DCShadow in current branch with some adaptations
2018-01-27 01:37:55 +01:00
Benjamin DELPY
fa591e61a4
[new] mimidrv for Windows 10 version 1709
2017-12-18 03:30:40 +01:00
Benjamin DELPY
5e712a34d0
[new] misc::easyntlmchall
[typo] Windows version 1707 -> 1703
[internal] kull_m_net_getComputerName
[internal] _ReturnAddress()
2017-12-03 21:16:28 +01:00
Benjamin DELPY
4188d55dc0
[new] misc::mflt to list minifilters
2017-11-28 03:16:46 +01:00
Benjamin DELPY
dc7661c7d0
[new] starting an internal SR98 module for Chinese LF cloner
[internal] MS-DRSR internal improvements
2017-11-27 01:58:27 +01:00
Benjamin DELPY
3d6b2db4f6
[internal/new] kull_m_string_stringToFileTime
2017-11-24 01:01:43 +01:00
Benjamin DELPY
ebcecc3a10
[ fix #107 ] remove _vscwprintf dependency with mimilove on Windows 2000
[credits] with his work on AD, Vincent Le Toux (@vletoux) is starring as co-author :)
[internal] DRSR RPC
[fix] dcsync export as CSV without junk chars between username and NTLM hash
2017-11-06 03:37:36 +01:00
vletoux
cef8891c00
Modify lsadump::dcsync to allow the export of all NTLM of the domain
2017-09-03 10:47:54 +02:00
Benjamin DELPY
0d79c441de
crypto::extract now supports CAPI & BCrypt (RSA/AES/DES/3DES/DESX/RC4/RC2...)
2017-08-13 17:27:10 +02:00
Benjamin DELPY
2af06006f7
[new] crypto::extract, to try to extract MS CAPI keys from RSA/AES provider
[fix] internal process module (NtQuerySystemInformation)
2017-08-01 04:45:47 +02:00
Benjamin DELPY
432276f23d
mimikatz as a DLL, DLL delay loading for bcrypt/ncrypt, some crypto stuff...
2017-07-20 01:33:50 +02:00
Benjamin DELPY
083e528b69
Few code lines added...
[fix] mimikatz sekurlsa::* for Windows 2003 older versions.
[new] mimikatz version tries to detect Credential Guard and displays file versions with arg.
2017-06-18 18:45:55 +02:00
Benjamin DELPY
9cd6a49e4c
[new] lsadump::changentlm to *change* user password/hash to another password/hash
2017-06-08 00:48:55 +02:00