Commit Graph

198 Commits

Author SHA1 Message Date
Benjamin DELPY
9e42ea3b28 [fix] missing fltuser* includes
[fix] mimidrv version
2017-12-10 18:12:21 +01:00
Benjamin DELPY
5e712a34d0 [new] misc::easyntlmchall
[typo] Windows version 1707 -> 1703
[internal] kull_m_net_getComputerName
[internal] _ReturnAddress()
2017-12-03 21:16:28 +01:00
Benjamin DELPY
4188d55dc0 [new] misc::mflt to list minifilters 2017-11-28 03:16:46 +01:00
Benjamin DELPY
dc7661c7d0 [new] starting an internal SR98 module for Chinese LF cloner
[internal] MS-DRSR internal improvements
2017-11-27 01:58:27 +01:00
Benjamin DELPY
3d6b2db4f6 [internal/new] kull_m_string_stringToFileTime 2017-11-24 01:01:43 +01:00
Benjamin DELPY
ebcecc3a10 [fix #107] remove _vscwprintf dependency with mimilove on Windows 2000
[credits] with his work on AD, Vincent Le Toux (@vletoux) is starring as co-author :)
[internal] DRSR RPC
[fix] dcsync export as CSV without junk chars between username and NTLM hash
2017-11-06 03:37:36 +01:00
Benjamin DELPY
773533b6e9 Merge pull request #98 from vletoux/dcsync_export_all_ntlm
Modify lsadump::dcsync to allow the export of all NTLM of the domain
2017-09-03 10:54:26 +02:00
vletoux
cef8891c00 Modify lsadump::dcsync to allow the export of all NTLM of the domain 2017-09-03 10:47:54 +02:00
Benjamin DELPY
0d79c441de crypto::extract now supports CAPI & BCrypt (RSA/AES/DES/3DES/DESX/RC4/RC2...) 2017-08-13 17:27:10 +02:00
Benjamin DELPY
2af06006f7 [new] crypto::extract, to try to extract MS CAPI keys from RSA/AES provider
[fix] internal process module (NtQuerySystemInformation)
2017-08-01 04:45:47 +02:00
Benjamin DELPY
432276f23d mimikatz as a DLL, DLL delay loading for bcrypt/ncrypt, some crypto stuff... 2017-07-20 01:33:50 +02:00
Benjamin DELPY
106ca7f7b4 Yara rule update to support recent mimikatz version (and logically Petya mimikatz module too) 2017-06-29 01:01:43 +02:00
Benjamin DELPY
083e528b69 Few code lines added...
[fix] mimikatz sekurlsa::* for Windows 2003 older versions.
[new] mimikatz version try to detect Credential Guard and display files version with arg.
2017-06-18 18:45:55 +02:00
Benjamin DELPY
9cd6a49e4c [new] lsadump::changentlm to *change* user password/hash to another password/hash 2017-06-08 00:48:55 +02:00
Benjamin DELPY
87aeb8fe2f Some new LSA stuff
[enhancement] lsadump::lsa /inject new injected code to get password history (if any)
[new] lsadump::setnetlm (thanks to Vincent LE TOUX idea!), to set an arbitrary NTLM hash to a user
[new] net::share to enumerate remote shares on a server
[new] net::serverinfo to grab remote server information
2017-06-07 02:37:32 +02:00
Benjamin DELPY
22eaf29e75 [new] mimilib now supports DHCP Callout, DNS Plugin, Coffee 2017-05-08 22:12:31 +02:00
Benjamin DELPY
4c70f1447e [new] support for Windows 10 RS2 - 1707 2017-04-10 00:36:29 +03:00
Benjamin DELPY
968dc29529 Token & code enhancements 2017-03-30 00:57:24 +03:00
Benjamin DELPY
f0bfb0da31 [enhancement] token: less listed (NtCompareTokens), more details in whoami 2017-03-28 04:22:57 +03:00
Benjamin DELPY
b0be118bc5 One PowerShell fix and better service/token functions
[fix #83] mimikatz - No ExitProcess when using DLL (for PowerShell)
[new] mimikatz - service::+ & service::- to install/uninstall
[enhancement] token::elevate & token::run
2017-03-26 03:35:32 +03:00
Benjamin DELPY
1722002956 [change] ts:: now uses only winsta API (instead of mix of wts32api and winsta)
[new] rpc::connect support /null NTLM session for protseq ncacn_ip_tcp
2017-03-20 04:37:36 +02:00
Benjamin DELPY
dbfebef2d7 Not needed anymore 2017-03-20 04:35:19 +02:00
Benjamin DELPY
b4f96ccb6c mimikatz 2.1.1 (rpc/service/process)
[new] RPC support (client & server, multi users)
[new] Windows service support
[new] token::elevate can run process with impersonate token (when enough privileges and without interactions)
[new] process::run
[new] standard::hostname
2017-03-19 17:03:54 +02:00
Benjamin DELPY
114c257679 net::tod & net::stats for remote time and 'uptime' 2017-03-05 23:48:23 +02:00
Benjamin DELPY
345db5ada5 Harmonization mimikatz<->kekeo 2017-02-27 03:18:46 +02:00
Benjamin DELPY
cf30c6396e Global update with few things
[net] List network sessions & user sessions to a server
[internal] arguments default behavior can NULL a value
2017-02-26 03:10:41 +02:00
Benjamin DELPY
2ca6174fc5 [new] crypto::certtohw to transfer a certificate in a smartcard/hsm
[new] crypto::scauth to allow certificate creation in a smartcard/hsm
[new] kerberos::ptc / kerberos::clist seems to support now CCACHE 0x0503 version
2017-01-21 01:34:34 +01:00
Benjamin DELPY
ea674c5073 [internal] ASN.1 OID encode/decode
[internal] MS-DSRS with OID instead of standard ATT only
[internal] MS-DRSR function IDL_DRSAddEntry
2017-01-07 03:45:34 +01:00
Benjamin DELPY
d8ee9e20ca [fix] kull_m_string _wcsicmp instead of wcsicmp 2016-12-23 00:47:33 +01:00
Benjamin DELPY
13756316fd [new] standard::base64 can handle input or output (for @OJ)
[internal] kull_m_file now supports read/write to base64
[internal] kull_m_string function to modify BOOL value from arguments
[internal] kerberos::pacinfo now supports more PAC types
2016-12-23 00:21:08 +01:00
Benjamin DELPY
159bbbf416 [new/back] mimikatz sekurlsa module now uses minimal rights to read LSASS process 2016-11-26 02:28:16 +01:00
Benjamin DELPY
8fcc011593 [new] mimikatz localtime command (from/for @OJ)
[removed] mimikatz markruss command (for @Microsoft)
2016-10-29 21:23:18 +02:00
Benjamin DELPY
cdd0722efa [new] mimikatz, mimilib & mimidrv Windows Server 2016 support
[fix] mimidrv kkll_m_process_fullprivileges buffer size check
2016-10-25 03:25:34 +03:00
Benjamin DELPY
57f4101567 [fix #65] mimikatz sekurlsa::* for old 2012r2 version
[fix #66] mimikatz sekurlsa::kerberos CSP/Pin data for Windows 10 1607
2016-10-05 21:37:29 +03:00
Benjamin DELPY
3ea0f0d11f [internal] process structures handle better thread references
[*] CQURE Edition for Microsoft Ignite
2016-09-28 23:12:35 +03:00
Benjamin DELPY
3bd5f0e241 [fix] mimikatz sekurlsa was not using all sessions/credentials in memory (bad lsasrv!LogonSessionListCount)
[new] mimikatz crypto list smartcard readers and cards (or tokens)
2016-09-22 03:30:15 +03:00
Benjamin DELPY
da718ef95c [internal/fix] mimilove can't deal with UuidCreate (but doesn't need it, so...) 2016-09-11 00:15:47 +03:00
Benjamin DELPY
11f478e1e6 [new] mimikatz crypto::scauth to create SmartCard Authentication certificate from a CA certificate
[internal] UuidCreate for new GUID
[internal] CryptDLL RandomKey function is now supported
[internal] crypto module new functions to deal with importing certificate with key in stores
2016-09-11 00:07:33 +03:00
Benjamin DELPY
8268f37387 [fix #58] mimikatz sekurlsa::* / mimilib - deal with Windows 10 1607 Remote Credential Guard
[new] mimikatz kerberos::golden now supports "Claims"
2016-08-22 01:02:27 +02:00
Benjamin DELPY
05fdb2d425 [fix #56] mimikatz::sekurlsa && mimilib : VSM for Windows 10 1607 (build 14393) 2016-08-12 23:09:32 +02:00
Benjamin DELPY
823d376d80 Anniversary update
[new] mimikatz lsadump::sam ready for Windows 10 14393 (AES128 encryption)
[new] mimikatz sekurlsa::* ready for Windows 10 14393
[fix] mimikatz lsadump::sam (handle double free)
[new] mimilib WinDBG mimikatz plugin ready for Windows 10 14393
2016-08-08 03:35:01 +02:00
Benjamin DELPY
abaa6ca9b1 [new] dpapi::cache can now be saved/loaded/flushed
[new] net::group & net::alias
2016-08-02 01:02:57 +02:00
Benjamin DELPY
6498084fba [mimikatz/mimilib] RPC cleaning, new CredentialKeys format string 2016-07-31 02:02:19 +02:00
Benjamin DELPY
3d08b8b758 [internal] mimilib - sekurlsa for WinDBG now uses RPC for LSA CredentialKeys 2016-07-29 23:32:06 +02:00
Benjamin DELPY
b2f09cf903 [internal] RPC modules no longer needed 2016-07-29 20:18:26 +02:00
Benjamin DELPY
3193ab06db [internal] RPC for LSA CredentialKeys & cleaning 2016-07-29 20:04:05 +02:00
Benjamin DELPY
d292c736ce [internal] mimikatz kerberos tools for debug 2016-07-22 23:15:47 +02:00
Benjamin DELPY
6f671b9fd5 [internal] removing old RPC modules 2016-07-19 17:51:47 +02:00
Benjamin DELPY
4ed563f925 [internal] modules RPC directory & cleaning 2016-07-19 17:48:55 +02:00
Benjamin DELPY
dc78942618 [internal] using NDR type serialization for Kerberos PAC instead of dirty home-made 2016-07-18 00:41:01 +02:00