Benjamin DELPY
cf8f9f3ee4
[typo] mimilib knp nIndex
2020-07-15 16:36:17 +02:00
Benjamin DELPY
adbcdfa0ad
[new] mimilib NPLogonNotify (thank you @gtworek)
2020-07-15 16:29:30 +02:00
Benjamin DELPY
e10ec9aa5b
[fix] freeing memory with CredFree when using CredUnmarshalCredential
...
[fix #289] casting FIELD_OFFSET to DWORD, like each time I commit ;)
2020-06-14 12:52:08 +02:00
Benjamin DELPY
4dd27c0a64
[new] mimikatz & mimidrv support for Windows 10 2004 (build 19041)
2020-05-19 00:56:24 +02:00
Benjamin DELPY
0ac5221a87
Merge pull request #267 from zhangyoufu/patch-1
...
fix closing SAM registry key twice
2020-05-19 00:44:46 +02:00
Benjamin DELPY
125c58b7e5
[fix #284] remove previous TPM header dependency
2020-05-03 13:30:54 +02:00
Benjamin DELPY
44ca2e648a
[new] dpapi::tpm to decrypt TPM blob (no secret!)
...
[new] net::if (@vletoux / https://github.com/vletoux/OxidBindings)
[internal] exit functions support exiting thread instead of process
2020-05-02 20:59:56 +02:00
Benjamin DELPY
a5088d9e57
[new] dpapi::create now deals with dpapi::cache to encrypt multiple masterkeys
...
[new] dpapi::cache save raw keys instead of only SHA1 of them
2020-03-08 18:41:50 +01:00
Benjamin DELPY
d07283a20d
[new] dpapi::create, to create (minimalist) Masterkeys file from a raw key
...
[internal] kull_m_token to deal with own SID and check if local or domain
2020-03-08 13:38:11 +01:00
Benjamin DELPY
bbb41e854f
[fix] dpapi::rdg supports XML nodes without username or domain, but only a password
2020-02-29 11:12:37 +01:00
Benjamin DELPY
cdfccf405e
Merge pull request #268 from timhir/master
...
Support for decrypting credentials protected by Credential Guard
2020-02-27 07:36:13 +01:00
Benjamin DELPY
a5f843b5aa
[new] lsadump::dcsync full sync filters deleted accounts by default (/deleted to get them back)
...
[new] lsadump::dcsync full sync prints UAC (details with /uac)
[fix] includes again WinDNS.h
2020-02-26 23:40:00 +01:00
Timo Hirvonen
4af2481be7
Support for decrypting credentials protected by Credential Guard
2020-02-25 11:15:33 +02:00
Benjamin DELPY
57b7267c30
[new] module minidump supports stream size
...
[new] module file read with FILE_SHARE_WRITE
[new] module crypto_sk for crypto with SecureKernel algorithms
[new] bcrypt lib to support BCryptKeyDerivation
[enhancement] LSAISO_DATA_BLOB structure & display
[experimental] sekurlsa::msv1_0 normalized structure for LsaIso
[experimental] sekurlsa::kerberos try to acquire session key from LsaIso
[experimental] sekurlsa::dpapi key from msv1_0 when LsaIso (not encrypted)
2020-02-24 23:52:47 +01:00
Youfu Zhang
f9922d8db7
fix closing SAM registry key twice
2020-02-20 21:46:10 +08:00
Benjamin DELPY
b098bf37cf
[new] dpapi::chrome supports AES-256-GCM decryption for new Logins & Cookies
...
[new] dpapi::cred & vault::cred now support double DPAPI for INET & Ivanti credentials
2020-02-08 12:42:34 +01:00
Benjamin DELPY
6972319852
[new] dpapi::masterkey now supports derivation from NTLM hash for protected user (/protected) instead of password
2020-01-23 10:12:22 +01:00
Benjamin DELPY
60033c8e75
Removing previous SQLite3 dependencies
2020-01-04 19:20:55 +01:00
Benjamin DELPY
421a4d2b2d
lsadump & Chrome updates
...
[new] lsadump::sam support SupplementalCredentials in local SAM (close #250) - thank you @MichaelGrafnetter
[enhance] lsadump::sam with better logic in revision/flag detection (without new code), fix #99, fix #165, fix #249
[enhance] chrome::dpapi by integration of an updated SQLite3 library with less OMIT (must fix #246, no SQLITE_OMIT_AUTOINCREMENT)
2020-01-04 19:13:16 +01:00
Benjamin DELPY
c832504acd
Crypto, crypto everywhere
...
[new] crypto::capi patch DSS CSP (experimental)
[new] crypto::keys export DSA, EC keys
[new] crypto::kutil import PEM, DER, PKCS#8, CAPI blob & CNG blob when possible, convert it to PKCS#8, or make a PKCS#12 with a PEM or DER certificate
[new] dpapi::capi & dpapi::cng export private keys in PVK format for legacy (RSA & DSA) or PKCS#8 for others (like EC)
[new] crypto:: & dpapi:: keys & cert functions with more information
2020-01-02 19:31:05 +01:00
Benjamin DELPY
699ce3c132
[new] crypto::scauth /sha1 (RSA SHA1 signature algorithm instead of default RSA SHA256)
...
[new] crypto::scauth /keysize:x (RSA key size instead of default 2048 bits)
[new] crypto::scauth /cahash:SHA1 (to search for CA by its SHA1 instead of /caname)
[new] crypto::scauth /cn:w /o:x /ou:y /c:z (to specify DN fields instead of defaults UPN, mimikatz, NULL and FR)
[new] dpapi::luna (to decrypt slot password with KSP configuration)
2019-12-23 01:00:47 +01:00
Benjamin DELPY
3c81f16b5b
New DPAPI stuff & crypto
...
[new] dpapi::masterkey now supports SID with SYSTEM_DPAPI (for @dirkjanm services ;))
[new] dpapi::cache filter non relevant SIDs
[new] dpapi::cred now supports WinInet double DPAPI
[new] dpapi::blob /raw for hex input
[new] dpapi::blob /ascii to force ascii output (when not unicode data)
[new] crypto:: & dpapi::cng key & certificates flags from current SDK (VSM)
[new] sr98::nedap module (@iceman1001 <3)
[new] lsadump::mbc to dump MachineBoundCertificate
2019-11-25 03:03:09 +01:00
Benjamin DELPY
6436bbe7bc
A commit to make Carlos @darkoperator happy
...
[new] mimikatz lsadump::cache /dcc:<hash> to support pushing a previous one without knowing NTLM or password
[new] mimikatz misc::lock to lock the session of current user/all users if available (privilege::debug)
[fix #220] that damn wcsicmp/_wcsicmp ;)
2019-08-14 01:42:18 +02:00
Benjamin DELPY
46bede3a8c
[new] mimikatz dpapi::ps function to deal with PSCredential and SecureString XML files.
...
[fix #214] Fix sekurlsa key import for Windows 1809
2019-07-20 23:04:25 +02:00
Benjamin DELPY
46a0af7bb8
[new] sr98::noralsy encoder, sr98::em4100 reader
...
[fix] net::trust legacy flags
[fix] dpapi decrypt by rpc, remove /system flag (incompatible with system key)
2019-07-10 23:32:26 +02:00
Benjamin DELPY
b4f9467b9f
[fix] mimikatz sekurlsa::kerberos for Windows 1903 (build 18362) for x86
2019-05-13 01:38:31 +02:00
Benjamin DELPY
68ac65b426
[new] mimikatz Windows 10 1903 (build 18362) support
2019-05-13 01:17:31 +02:00
Benjamin DELPY
c3b4af1636
[removing] mimikatz sekurlsa module: removing a particular encryption/decryption for a Windows beta
2019-05-04 01:57:46 +02:00
Benjamin DELPY
72b83acb29
[new] mimikatz sekurlsa module now supports minidumps from NT 5, on NT >= 6 too
2019-05-04 01:54:38 +02:00
Benjamin DELPY
4d4d047b50
[new] mimikatz for NT5 (XP/2003) now supports DES-X-CBC and RC4 without LSASRV.DLL (thank you @NielsFerguson)
2019-05-01 23:22:02 +02:00
Benjamin DELPY
8c4bae5fa0
[fix] mimilib subauth: even BadPasswordCount to be compatible with Kerberos pre-auth
2019-04-28 22:12:10 +02:00
Benjamin DELPY
641a3b29ac
[new] lsadump::changentlm & lsadump::setntlm are now supporting /rid instead of /user
...
[internal] crypto::scauth try to set the signature PIN when exchange fails
2019-04-15 02:10:47 +02:00
Benjamin DELPY
5fc3351d7a
[fix #199] Allow dpapi::chrome to open DB without lock (library update to support win32-none VFS) thank you @psychomario!
...
[new] net::trust adds LDAP search to get objectGuid for lsadump::dcsync usage
2019-04-12 01:25:20 +02:00
Benjamin DELPY
ac46e32d06
[update] mimidrv for 2016 up to date
...
[internal] cosmetic
2019-04-09 00:53:35 +02:00
Benjamin DELPY
6910c7b930
[new] mimikatz net::deleg now support /server and /dns arguments
2019-04-04 23:47:54 +02:00
Benjamin DELPY
e84c57f6cb
[new] net::deleg function in mimikatz
...
[new] owl module for Cam
2019-03-29 03:11:00 +01:00
Benjamin DELPY
b008188f9f
Big update :)
...
[new] mimikatz & mimilib **very** experimental support for ARM64
[better] code for Mifare protocol
[better] code for sekurlsa WinDBG plugin (credential keys, still not good enough)
[new] mimilib sub authentication package for @vletoux with 'bad password knocking' and magic password
[new] mimikatz: unmarshalling usernames when marshalled
[fix] mimikatz SR98/RDM/Busylight could previously crash
[fix #184] again and again ;)
[fix #172] swscanf_s VS ARRAYSIZE macro
[fix #127] stdout/stdin/stderr vs modern Visual Studio and Windows XP support (thank you @Crypt0-M3lon)
[code] refactor for defined / !defined
2019-03-25 01:57:56 +01:00
Benjamin DELPY
fe6a853ec3
[new] mimikatz eventlog patch for 1803 (for @darkoperator)
...
[new] mimikatz version includes maximum Windows build number tested
2018-12-10 00:03:02 +01:00
Benjamin DELPY
2fd09bbef0
[new] mimikatz & mimidrv full support for Windows 1809
2018-12-03 02:06:10 +01:00
Benjamin DELPY
e380febb61
[new/fix] misc::memssp for Windows 10 1803 x64
2018-09-25 15:06:44 -07:00
Benjamin DELPY
b87468c1b4
[new] mimikatz dpapi::rdg to decrypt saved passwords in RDG files (Remote Desktop Connection Manager)
2018-08-19 17:01:41 -07:00
Benjamin DELPY
3134be808f
[fix #166] lsadump::secrets helper for 'TBAL' secret - thanks to @jagotu research (http://vztekoverflow.com/2018/07/31/tbal-dpapi-backdoor/)
2018-08-16 15:53:38 -07:00
Benjamin DELPY
56d9db738a
Vegas Edition
...
[new] lsadump::dcshadow updates (linger, new helpers, fixes)
[new] ACR & PN532 module
2018-08-14 13:13:03 -07:00
Benjamin DELPY
110a831ebe
[new] process run with parent PID (NT6)
2018-06-16 18:46:50 +02:00
Benjamin DELPY
c0f05a5286
[fix #155] ts::multirdp for Windows 10 1803 x64 (x86 was ok)
2018-05-27 02:45:45 +02:00
Benjamin DELPY
0798214d73
[new] dpapi::ssh from an idea of @ropnop and for Tal Be'ery
...
[fix] sr98::raw blocks array (fix #149 - thank you @steelfly33)
2018-05-26 01:42:20 +02:00
Benjamin DELPY
c8cb4111d7
[fix] Windows 10 1803 (17134) support (the real one this time :))
...
[new] RDM(830 AL) HF reader/writer basic support
2018-05-02 00:29:34 +02:00
Benjamin DELPY
83c1355682
removing specific HID library for Busylight
...
a generic one will come
2018-05-02 00:23:12 +02:00
Benjamin DELPY
a0f243b335
[fix] don't ask me why, but fixing previous SVN commit
2018-04-24 01:23:31 +02:00
Benjamin DELPY
2f66115ccd
[fix] Passing the hash issue when replacing password in some Windows 10 versions
...
[fix] kerberos & crypto FindFile issue when enumerating kirbi & certificate files in directories
[fix] adding Fci.h file in includes
[new] kerberos::golden can make tickets without PAC when avoiding the /sid parameters
[new] crypto::sc tries to get information with readers without cards
[new] sr98:: module to deal with LF writer and T5577 cards
2018-04-24 01:21:00 +02:00