search

PowerShellMafia / PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework
Other
11.68k stars 4.59k forks source link

Invoke-Mimikatz + Windows 10 (1909) #349

Open init5-SF opened 4 years ago

init5-SF commented 4 years ago

Hello, Invoke-Mimikatz doesn't work with the mentioned windows 10 version (AMSI/AV disabled) I downloaded the latest mimikatz.exe, converted both the 64 and 32 bit binaries to string and replaced the $PEBytes64 and $PEBytes32 with the new strings, and still didnt work, in fact it gave me the same exact error message. Any suggestions? This is a sample of the error message:

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:489 char:3
+         $VirtualAlloc = [System.Runtime.InteropServices.Marshal]::Get ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:494 char:3
+         $VirtualAllocEx = [System.Runtime.InteropServices.Marshal]::G ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:499 char:3
+         $memcpy = [System.Runtime.InteropServices.Marshal]::GetDelega ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:504 char:3
+         $memset = [System.Runtime.InteropServices.Marshal]::GetDelega ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:509 char:3
+         $LoadLibrary = [System.Runtime.InteropServices.Marshal]::GetD ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:514 char:3
+         $GetProcAddress = [System.Runtime.InteropServices.Marshal]::G ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

Cannot find an overload for "GetDelegateForFunctionPointer" and the argument count: "2".
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:519 char:3
+         $GetProcAddressOrdinal = [System.Runtime.InteropServices.Mars ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodException
    + FullyQualifiedErrorId : MethodCountCouldNotFindBest

Exception calling "GetMethod" with "1" argument(s): "Ambiguous match found."
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:886 char:6
+         $GetProcAddress = $UnsafeNativeMethods.GetMethod('GetProcAddr ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : AmbiguousMatchException

You cannot call a method on a null-valued expression.
At D:\Toolz\OffsecScripts\Invoke-Mimikatz.ps1:893 char:6
+         Write-Output $GetProcAddress.Invoke($null, @([System.Runtime. ...
+         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull
Marshall-Hallenbeck commented 4 years ago

Getting the same error.

NZLostboy commented 3 years ago

This fixed it for me: https://github.com/mitre/caldera/issues/38#issuecomment-396055260