This repository contains various non-core plugins for MemProcFS - The Memory Process File System.
Plugins range from non-core plugins to plugins that have offensive capabilities - such as pypykatz. Please find a short description for each plugin below:
Tamas Jos (@skelsec) , info@skelsec.com , https://github.com/skelsec/
regsecrets for MemProcFS exposes mimikatz functionality in the folder /py/regsecrets/
in the file system root provided that the target is a supported Windows system. Functionality includes retrieval NTLM hashes for local accounts amongst other things.
- Ensure MemProcFS supported version of 64-bit Python for Windows is on the system path (or specify in
-pythonpath
option when starting MemProcFS). NB! embedded Python will not work with pypykatz and aiowinreg since it requires access to Python pip installed packages. - Install pypykatz and aiowinreg pip package, in correct python environment, by running
pip install pypykatz aiowinreg
. - Copy the pyregsecrets for MemProcFS plugin by copying all files from
/files/plugins/pym_regsecrets
to corresponding folder in MemProcFS - overwriting any existing files there. - Start MemProcFS.