/MemProcFS-plugins

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

Plugins for MemProcFS

This repository contains various non-core plugins for MemProcFS - The Memory Process File System.

Plugins range from non-core plugins to plugins that have offensive capabilities - such as pypykatz. Please find a short description for each plugin below:

pypykatz regsecrets

Author:

Tamas Jos (@skelsec) , info@skelsec.com , https://github.com/skelsec/

Overview:

regsecrets for MemProcFS exposes mimikatz functionality in the folder /py/regsecrets/ in the file system root provided that the target is a supported Windows system. Functionality includes retrieval NTLM hashes for local accounts amongst other things.

Installation instructions:

  1. Ensure MemProcFS supported version of 64-bit Python for Windows is on the system path (or specify in -pythonpath option when starting MemProcFS). NB! embedded Python will not work with pypykatz and aiowinreg since it requires access to Python pip installed packages.
  2. Install pypykatz and aiowinreg pip package, in correct python environment, by running pip install pypykatz aiowinreg.
  3. Copy the pyregsecrets for MemProcFS plugin by copying all files from /files/plugins/pym_regsecrets to corresponding folder in MemProcFS - overwriting any existing files there.
  4. Start MemProcFS.

Last updated: 2021-03-21