inovke-mimikatz.ps1 no longer works on 'any' patched Windows hosts -(e.g. win8,win2012,ect.)

[mobychien]

invoke-mimikatz works on unpatched Windows 2012 R2 server.
Once, the same server has been patched to the latest patch level, invoke-mimikatz failed to execute with the following errors: Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."

• CategoryInfo : NotSpecified: (:) [], MethodInvocationException
• FullyQualifiedErrorId : AmbiguousMatchException
• PSComputerName : my-tstwin12r2 You cannot call a method on a null-valued expression.
• CategoryInfo : InvalidOperation: (:) [], RuntimeException
• FullyQualifiedErrorId : InvokeMethodOnNull
• PSComputerName : my-tstwin12r2 Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
• CategoryInfo : NotSpecified: (:) [], MethodException
• FullyQualifiedErrorId : MethodCountCouldNotFindBest
• PSComputerName : my-tstwin12r2 .............................................................. VirtualAlloc failed to allocate memory for PE. If PE is not ASLR compatible, try running the script in a new PowerShell process (the new PowerShell process will have a different memory layout, so the address the PE wants might be free). At line:2569 char:3
  • Invoke-Command -ScriptBlock $RemoteScriptBlock -ArgumentList ...

• CategoryInfo : OperationStopped: (VirtualAlloc fa...might be free).:String) [], RuntimeException
• FullyQualifiedErrorId : VirtualAlloc failed to allocate memory for PE. If PE is not ASLR compatible, try running the scri pt in a new PowerShell process (the new PowerShell process will have a different memory layout, so the address the PE wants
  might be free).

[phra]

:+1:

any news?

[jun0s]

Thank you @phra the solution works for me 👍 ..... same issue with invoke-ninjacopy, same solution and any Reflective PE Injection related.

[Al13n0]

Thank you @phra the solution works for me 👍 ..... same issue with invoke-ninjacopy, same solution and any Reflective PE Injection related.

How did you solve it? I am still getting that error

[jun0s]

he fix it in this repo... https://github.com/phra/PowerSploit/commit/4c7a2016fc7931cd37273c5d8e17b16d959867b3 and i make the local changes for invoke-ninjacopy.

[phra]

there is a PR: https://github.com/PowerShellMafia/PowerSploit/pull/314