rapid7 / metasploit-payloads

Unified repository for different Metasploit Framework payloads

Update kiwi extension to Mimikatz 2.2.0-20190512 #353

Closed Fl0-0 closed 4 years ago

Fl0-0 commented 5 years ago

https://github.com/gentilkiwi/mimikatz/releases/tag/2.2.0-20190512

OJ commented 5 years ago

It's on my TODO List :)

jeffmcjunkin commented 4 years ago

Bumping for visibility - as of now this is the result of running creds_all on Win10 Enterprise x64 1903

(AKA, expected behavior, 2.1.1 doesn't get credentials from 1903)

meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.1.1 20180925 (x64/windows)
 .## ^ ##.  "A La Vie, A L'Amour"
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( vincent.letoux@gmail.com )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

Success.
meterpreter > creds_all
[+] Running as SYSTEM
[*] Retrieving all credentials

meterpreter > sysinfo
Computer        : IRRELEVANT
OS              : Windows 10 (10.0 Build 18362).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > background
[*] Backgrounding session 1...
msf5 exploit(windows/smb/psexec) > version
Framework: 5.0.59-dev-
Console  : 5.0.59-dev-

phra commented 4 years ago

try this: https://iwantmore.pizza/posts/meterpreter-shellcode-inject.html

jeffmcjunkin commented 4 years ago

Shiny! I'll give it a shot, thanks @phra !

OJ commented 4 years ago

Working on this right now!

OJ commented 4 years ago

PR ready to go, will update Framework when the gem is ready.

jeffmcjunkin commented 4 years ago

Woohoo!

OJ commented 4 years ago

Need to bump the version shown in framework now! I'll get on that.

On Sat, 7 Dec 2019, 03:38 Jeff McJunkin, notifications@github.com wrote:

Woohoo!

busterb commented 4 years ago

I've been bad about following MSF issue updates. Did I do it right?

OJ commented 4 years ago

I haven't checked to be honest :( Sorry. But we just need to adjust the Kiwi banner in framework so that the version number shown matches.

I did have a plan to change this so that it gets the version out of the binary directly. I might just do that soon.