Closed kleiton0x00 closed 2 years ago
Hi @kleiton0x00,
Thanks for your positive feedback :). The short answer to your question is that it is possible, but only with the "CurrentThread" shellcode execution method. Because it executes the shellcode in the current thread, the output from programs like Mimikatz is automatically printed directly to the console. In addition, the -v flag must be supplied so that console output is enabled.
Here's a quick step-by-step of how to execute Mimikatz with donut and Shhhloader:
1. Generate shellcode for Mimikatz with Donut:
   donut mimikatz.exe -b1 -o mimidonut.bin
2. Use Shhhloader to generate loader using the "CurrentThread" execution method and verbose output:
   ./Shhhloader.py mimidonut.bin -m CurrentThread -ns -v
3. Execute output exe on target system. You should get a fully functional interactive mimikatz prompt.
To my surprise it actually seems to work decently well against AV too. Got past Windows Defender with a simple sandbox check and OLLVM.
I will potentially add more support for executing shellcode like this via other techniques in the future. I hope this was helpful and let me know if you have any more questions.
Awesome, it works like a charm. Thank you for your fast response and keep up the good work!
Hi, I've played around with the tool since its first release and I really must say that you and your contributors have done a really great job. The tool works fine with CS/Metasploit shellcodes, however it doesn't work with Mimikatz's shellcode (generated from Donut). It does compile successfully, but there is no output displayed when executed (no crashes at all, just no output). I've seen this type of behaviour on other tools as well, maybe it is because of the generated shellcode itself as it is 1.4 million bytes long 🤔
Looking forward to your answer :)