#147 Bugfix: Invoke-Mimikatz

Invoke-Mimikatz was not not handling functions exported by ordinal. Thank you @gentilkiwi for the suggested fix!
author: Matt Graeber <matt@exploit-monday.com> 2016-07-15 14:07:10 -0700
committer: Matt Graeber <matt@exploit-monday.com> 2016-07-15 14:28:55 -0700
commit: fee3b4c642c6cae1ef18b85b7ae30111518e84fd (patch)
tree: 52b9754f0a237acd98384a859a6da4f71d9610a2 /Exfiltration/Invoke-Mimikatz.ps1
parent: 8d46d02099e83e41528e60e0ce729b362e3344bc (diff)
download: PowerSploit-fee3b4c642c6cae1ef18b85b7ae30111518e84fd.tar.gz
PowerSploit-fee3b4c642c6cae1ef18b85b7ae30111518e84fd.zip
1 files changed, 8 insertions, 1 deletions
diff --git a/Exfiltration/Invoke-Mimikatz.ps1 b/Exfiltration/Invoke-Mimikatz.ps1
index f95daa3..bb18cfa 100644
--- a/Exfiltration/Invoke-Mimikatz.ps1
+++ b/Exfiltration/Invoke-Mimikatz.ps1
@@ -1687,7 +1687,14 @@ $RemoteScriptBlock = {
 					}
 					else
 					{
-						[IntPtr]$NewThunkRef = $Win32Functions.GetProcAddress.Invoke($ImportDllHandle, $ProcedureName)
+						if($ProcedureName -is [string])
+						{
+						    [IntPtr]$NewThunkRef = $Win32Functions.GetProcAddress.Invoke($ImportDllHandle, $ProcedureName)
+						}
+						else
+						{
+						    [IntPtr]$NewThunkRef = $Win32Functions.GetProcAddressOrdinal.Invoke($ImportDllHandle, $ProcedureName)
+						}
 					}
 					
 					if ($NewThunkRef -eq $null -or $NewThunkRef -eq [IntPtr]::Zero)
author	Matt Graeber <matt@exploit-monday.com>	2016-07-15 14:07:10 -0700
committer	Matt Graeber <matt@exploit-monday.com>	2016-07-15 14:28:55 -0700
commit	fee3b4c642c6cae1ef18b85b7ae30111518e84fd (patch)
tree	52b9754f0a237acd98384a859a6da4f71d9610a2 /Exfiltration/Invoke-Mimikatz.ps1
parent	8d46d02099e83e41528e60e0ce729b362e3344bc (diff)
download	PowerSploit-fee3b4c642c6cae1ef18b85b7ae30111518e84fd.tar.gz PowerSploit-fee3b4c642c6cae1ef18b85b7ae30111518e84fd.zip