Mimikatz arguments parsing issue

MythicAgents / Apollo

A .NET Framework 4.0 Windows Agent

BSD 3-Clause "New" or "Revised" License

434 stars 90 forks source link

Mimikatz arguments parsing issue #80

Closed who1smrrobot closed 2 years ago

who1smrrobot commented 2 years ago

When e.g. trying a DCSynch by mimikatz via the following command:

The command arguments aren't correctly parsed to mimikatz:

I tried it with "" as well as without them, doesn't solve the issue.

djhohnstein commented 2 years ago

The issue is with the CLI parsing library we have. You'll need to escape the quotes.

Additionally, if you do load dcsync, and use the dcsync command directly, it's a wrapper around that submodule of mimikatz that performs the string escaping automatically. I'd try to either:

Use \"lsadump::dcsync /domain:student5.ecorp.local /user:student5\krbtgt\"
Use the built-in dcsync command to wrap the command up for you.

If you still run into issues after that let me know!

who1smrrobot commented 2 years ago

Awesome! Escaping fixed the issue and I'll sent you an suggestion for an update of the documentation.

Looking forward to the Apollo webinar next Wednesday ;)