From 59cd18360764af6e6133ad11ec9cd8295372e587 Mon Sep 17 00:00:00 2001
From: clymb3r <bialek.joseph@gmail.com>
Date: Tue, 1 Oct 2013 09:47:05 -0700
Subject: Adding Invoke-Mimikatz and Invoke-Ninjacopy

---
 .../librairies/klock/Win32/CL.read.1.tlog          | Bin 0 -> 125158 bytes
 .../librairies/klock/Win32/CL.write.1.tlog         | Bin 0 -> 3668 bytes
 .../librairies/klock/Win32/cl.command.1.tlog       | Bin 0 -> 5964 bytes
 .../klock/Win32/klock.dll.intermediate.manifest    |  10 ++
 .../librairies/klock/Win32/klock.lastbuildstate    |   2 +
 .../mimikatz-1.0/librairies/klock/Win32/klock.res  | Bin 0 -> 740 bytes
 .../librairies/klock/Win32/klock.write.1.tlog      |   5 +
 .../librairies/klock/Win32/link-cvtres.read.1.tlog |   1 +
 .../klock/Win32/link-cvtres.write.1.tlog           |   1 +
 .../librairies/klock/Win32/link.command.1.tlog     | Bin 0 -> 2494 bytes
 .../librairies/klock/Win32/link.read.1.tlog        | Bin 0 -> 4222 bytes
 .../librairies/klock/Win32/link.write.1.tlog       | Bin 0 -> 1570 bytes
 .../librairies/klock/Win32/mt.command.1.tlog       | Bin 0 -> 934 bytes
 .../librairies/klock/Win32/mt.read.1.tlog          | Bin 0 -> 1098 bytes
 .../librairies/klock/Win32/mt.write.1.tlog         | Bin 0 -> 578 bytes
 .../librairies/klock/Win32/rc.command.1.tlog       | Bin 0 -> 630 bytes
 .../librairies/klock/Win32/rc.read.1.tlog          | Bin 0 -> 2532 bytes
 .../librairies/klock/Win32/rc.write.1.tlog         | Bin 0 -> 374 bytes
 .../mimikatz-1.0/librairies/klock/klock.cpp        |  97 +++++++++++++++
 Exfiltration/mimikatz-1.0/librairies/klock/klock.h |  14 +++
 .../mimikatz-1.0/librairies/klock/klock.rc         | Bin 0 -> 1866 bytes
 .../mimikatz-1.0/librairies/klock/klock.vcxproj    | 131 +++++++++++++++++++++
 .../librairies/klock/klock.vcxproj.filters         |  53 +++++++++
 23 files changed, 314 insertions(+)
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.read.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.write.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/cl.command.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.dll.intermediate.manifest
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.lastbuildstate
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.res
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.write.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.read.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.write.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.command.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.read.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.write.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.command.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.read.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.write.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.command.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.read.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.write.1.tlog
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/klock.cpp
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/klock.h
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/klock.rc
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj
 create mode 100644 Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj.filters

(limited to 'Exfiltration/mimikatz-1.0/librairies/klock')

diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.read.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.read.1.tlog
new file mode 100644
index 0000000..bcd26b3
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.read.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.write.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.write.1.tlog
new file mode 100644
index 0000000..73eaec6
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/CL.write.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/cl.command.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/cl.command.1.tlog
new file mode 100644
index 0000000..5cef6b9
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/cl.command.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.dll.intermediate.manifest b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.dll.intermediate.manifest
new file mode 100644
index 0000000..ecea6f7
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.dll.intermediate.manifest
@@ -0,0 +1,10 @@
+<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
+<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
+  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
+    <security>
+      <requestedPrivileges>
+        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
+      </requestedPrivileges>
+    </security>
+  </trustInfo>
+</assembly>
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.lastbuildstate b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.lastbuildstate
new file mode 100644
index 0000000..4d28193
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.lastbuildstate
@@ -0,0 +1,2 @@
+#v4.0:v100
+Release|Win32|C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\|
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.res b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.res
new file mode 100644
index 0000000..3104953
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.res differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.write.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.write.1.tlog
new file mode 100644
index 0000000..3cfbe7b
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/klock.write.1.tlog
@@ -0,0 +1,5 @@
+^C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\librairies\klock\klock.vcxproj
+C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\klock.lib
+C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\klock.lib
+C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\klock.exp
+C:\Github\PowerShellExperimental\Invoke-Mimikatz\mimikatz-1.0\Win32\klock.exp
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.read.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.read.1.tlog
new file mode 100644
index 0000000..46b134b
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.read.1.tlog
@@ -0,0 +1 @@
+ÿþ
\ No newline at end of file
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.write.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.write.1.tlog
new file mode 100644
index 0000000..46b134b
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link-cvtres.write.1.tlog
@@ -0,0 +1 @@
+ÿþ
\ No newline at end of file
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.command.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.command.1.tlog
new file mode 100644
index 0000000..966e3ca
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.command.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.read.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.read.1.tlog
new file mode 100644
index 0000000..118ff20
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.read.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.write.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.write.1.tlog
new file mode 100644
index 0000000..ed695be
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/link.write.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.command.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.command.1.tlog
new file mode 100644
index 0000000..96b5f5a
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.command.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.read.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.read.1.tlog
new file mode 100644
index 0000000..6e3ab6c
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.read.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.write.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.write.1.tlog
new file mode 100644
index 0000000..df7edcc
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/mt.write.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.command.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.command.1.tlog
new file mode 100644
index 0000000..055dfdc
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.command.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.read.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.read.1.tlog
new file mode 100644
index 0000000..ee2aaa1
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.read.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.write.1.tlog b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.write.1.tlog
new file mode 100644
index 0000000..a07a6d6
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/Win32/rc.write.1.tlog differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/klock.cpp b/Exfiltration/mimikatz-1.0/librairies/klock/klock.cpp
new file mode 100644
index 0000000..9717c49
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/klock.cpp
@@ -0,0 +1,97 @@
+/*	Benjamin DELPY `gentilkiwi`
+	http://blog.gentilkiwi.com
+	benjamin@gentilkiwi.com
+	Licence : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#include "klock.h"
+
+__kextdll bool __cdecl getDescription(wstring * maDescription)
+{
+	maDescription->assign(L"kLock : librairie de manipulation des bureaux");
+	return true;
+}
+
+bool getNameOfDesktop(HDESK desktop, wstring &bureau)
+{
+	bool resultat = false;
+	
+	wchar_t * monBuffer;
+	DWORD tailleRequise = 0;
+	
+	if(!GetUserObjectInformation(desktop, UOI_NAME, NULL, 0, &tailleRequise) && (tailleRequise > 0))
+	{
+		monBuffer = new wchar_t[tailleRequise];
+		if(resultat = (GetUserObjectInformation(desktop, UOI_NAME, monBuffer, tailleRequise, &tailleRequise) != 0))
+		{
+			bureau.assign(monBuffer);
+		}
+		delete[] monBuffer;
+	}
+	return resultat;
+}
+
+__kextdll bool __cdecl echange(mod_pipe * monPipe, vector<wstring> * mesArguments)
+{
+	wstringstream maReponse;
+	wstring source, cible, monBureau;
+	bool modeFullAuto = true;
+
+	if(mesArguments->size() == 2)
+	{
+		modeFullAuto = false;
+		source = mesArguments->front();
+		cible = mesArguments->back();
+	}
+	
+	if (HDESK hOriginalDesktop = OpenInputDesktop(0, FALSE, GENERIC_READ | DESKTOP_SWITCHDESKTOP))
+	{
+		if(getNameOfDesktop(hOriginalDesktop, monBureau))
+		{
+			maReponse << L"Bureau courant : " << monBureau << endl;
+			
+			if((_wcsicmp(monBureau.c_str(), source.c_str()) == 0) || modeFullAuto)
+			{
+				if(modeFullAuto)
+					cible = _wcsicmp(monBureau.c_str(), L"Default") == 0 ? L"WinLogon" : L"Default";
+
+				maReponse << L"Bureau cible   : " << cible << endl;
+
+				if (HDESK hNewDesktop = OpenDesktop(cible.c_str(), 0, FALSE, DESKTOP_SWITCHDESKTOP))
+				{
+					if (SwitchDesktop(hNewDesktop))
+						maReponse << L"Switch du bureau réussi !";
+					else
+						maReponse << L"Erreur : impossible de basculer le bureau ; SwitchDesktop : " << mod_system::getWinError();
+					maReponse << endl;
+					CloseDesktop(hNewDesktop);
+				}
+				else maReponse << "Erreur : impossible d\'ouvrir le bureau cible (" << cible << L") ; OpenDesktop : " << mod_system::getWinError();
+			}
+			else if(!modeFullAuto)
+				maReponse << L"Erreur : le bureau courant (" << monBureau << L") ne correspond pas au bureau source indiqué (" << source << L")" << endl;
+		}
+		else maReponse << L"Erreur : impossible d\'obtenir le nom du bureau courant ; getNameOfDesktop : " << mod_system::getWinError() << endl;
+
+		CloseDesktop(hOriginalDesktop);
+	}
+	else maReponse << L"Erreur : impossible d\'ouvrir le bureau courant ; OpenInputDesktop : " << mod_system::getWinError() << endl;
+
+	return sendTo(monPipe, maReponse.str());
+}
+
+__kextdll bool __cdecl getDesktop(mod_pipe * monPipe, vector<wstring> * mesArguments)
+{
+	wstringstream maReponse;
+	wstring monBureau;
+
+	if (HDESK hDesktop = OpenInputDesktop(0, FALSE, GENERIC_READ))
+	{
+		if(getNameOfDesktop(hDesktop, monBureau))
+			maReponse << L"Bureau courant : " << monBureau << endl;
+		else
+			maReponse << L"Erreur : impossible d\'obtenir le nom du bureau courant ; getNameOfDesktop : " << mod_system::getWinError() << endl;
+
+		CloseDesktop(hDesktop);
+	}
+	return sendTo(monPipe, maReponse.str());
+}
\ No newline at end of file
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/klock.h b/Exfiltration/mimikatz-1.0/librairies/klock/klock.h
new file mode 100644
index 0000000..e6ea046
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/klock.h
@@ -0,0 +1,14 @@
+/*	Benjamin DELPY `gentilkiwi`
+	http://blog.gentilkiwi.com
+	benjamin@gentilkiwi.com
+	Licence : http://creativecommons.org/licenses/by/3.0/fr/
+*/
+#pragma once
+#include "kmodel.h"
+#include "mod_system.h"
+
+__kextdll bool __cdecl getDescription(wstring * maDescription);
+
+bool getNameOfDesktop(HDESK desktop, wstring &bureau);
+__kextdll bool __cdecl echange(mod_pipe * monPipe, vector<wstring> * mesArguments);
+__kextdll bool __cdecl getDesktop(mod_pipe * monPipe, vector<wstring> * mesArguments);
\ No newline at end of file
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/klock.rc b/Exfiltration/mimikatz-1.0/librairies/klock/klock.rc
new file mode 100644
index 0000000..28599d2
Binary files /dev/null and b/Exfiltration/mimikatz-1.0/librairies/klock/klock.rc differ
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj b/Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj
new file mode 100644
index 0000000..a93a79d
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj
@@ -0,0 +1,131 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup Label="ProjectConfigurations">
+    <ProjectConfiguration Include="Release|Win32">
+      <Configuration>Release</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Release|x64">
+      <Configuration>Release</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
+  </ItemGroup>
+  <PropertyGroup Label="Globals">
+    <ProjectGuid>{6556249E-1C80-4047-A863-F608C8B8AC55}</ProjectGuid>
+    <Keyword>Win32Proj</Keyword>
+    <RootNamespace>klock</RootNamespace>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <UseOfMfc>Static</UseOfMfc>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+    <ConfigurationType>DynamicLibrary</ConfigurationType>
+    <UseDebugLibraries>false</UseDebugLibraries>
+    <WholeProgramOptimization>true</WholeProgramOptimization>
+    <CharacterSet>Unicode</CharacterSet>
+    <UseOfMfc>Static</UseOfMfc>
+  </PropertyGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+  <ImportGroup Label="ExtensionSettings">
+  </ImportGroup>
+  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+  </ImportGroup>
+  <PropertyGroup Label="UserMacros" />
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\</OutDir>
+    <IntDir>$(Platform)\</IntDir>
+  </PropertyGroup>
+  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <LinkIncremental>false</LinkIncremental>
+    <OutDir>$(SolutionDir)$(Platform)\</OutDir>
+    <IntDir>$(Platform)\</IntDir>
+  </PropertyGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>Full</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;KLOCK_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(SolutionDir)/commun;$(SolutionDir)/modules;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>false</ExceptionHandling>
+      <FloatingPointModel>Fast</FloatingPointModel>
+      <FloatingPointExceptions>false</FloatingPointExceptions>
+      <CreateHotpatchableImage>false</CreateHotpatchableImage>
+      <ErrorReporting>None</ErrorReporting>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalDependencies>user32.lib;shlwapi.lib;secur32.lib</AdditionalDependencies>
+      <LinkErrorReporting>NoErrorReport</LinkErrorReporting>
+    </Link>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+  </ItemDefinitionGroup>
+  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+    <ClCompile>
+      <WarningLevel>Level3</WarningLevel>
+      <PrecompiledHeader>NotUsing</PrecompiledHeader>
+      <Optimization>Full</Optimization>
+      <FunctionLevelLinking>true</FunctionLevelLinking>
+      <IntrinsicFunctions>true</IntrinsicFunctions>
+      <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;KLOCK_EXPORTS;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+      <AdditionalIncludeDirectories>$(SolutionDir)/commun;$(SolutionDir)/modules;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+      <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
+      <StringPooling>true</StringPooling>
+      <ExceptionHandling>false</ExceptionHandling>
+      <FloatingPointModel>Fast</FloatingPointModel>
+      <FloatingPointExceptions>false</FloatingPointExceptions>
+      <CreateHotpatchableImage>false</CreateHotpatchableImage>
+      <ErrorReporting>None</ErrorReporting>
+    </ClCompile>
+    <Link>
+      <SubSystem>Windows</SubSystem>
+      <GenerateDebugInformation>false</GenerateDebugInformation>
+      <EnableCOMDATFolding>true</EnableCOMDATFolding>
+      <OptimizeReferences>true</OptimizeReferences>
+      <AdditionalDependencies>user32.lib;shlwapi.lib;secur32.lib</AdditionalDependencies>
+      <LinkErrorReporting>NoErrorReport</LinkErrorReporting>
+    </Link>
+    <ResourceCompile>
+      <Culture>0x040c</Culture>
+    </ResourceCompile>
+  </ItemDefinitionGroup>
+  <ItemGroup>
+    <ResourceCompile Include="klock.rc" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\commun\kmodel.cpp" />
+    <ClCompile Include="..\..\modules\mod_parseur.cpp" />
+    <ClCompile Include="..\..\modules\mod_pipe.cpp" />
+    <ClCompile Include="..\..\modules\mod_system.cpp" />
+    <ClCompile Include="klock.cpp" />
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\commun\kmodel.h" />
+    <ClInclude Include="..\..\modules\mod_parseur.h" />
+    <ClInclude Include="..\..\modules\mod_pipe.h" />
+    <ClInclude Include="..\..\modules\mod_system.h" />
+    <ClInclude Include="klock.h" />
+  </ItemGroup>
+  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+  <ImportGroup Label="ExtensionTargets">
+  </ImportGroup>
+</Project>
\ No newline at end of file
diff --git a/Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj.filters b/Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj.filters
new file mode 100644
index 0000000..cc5f342
--- /dev/null
+++ b/Exfiltration/mimikatz-1.0/librairies/klock/klock.vcxproj.filters
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <ItemGroup>
+    <Filter Include="Modules Communs">
+      <UniqueIdentifier>{255a8a01-9f58-4a47-9d1e-1d5fc9f16419}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Modules Communs\Communication">
+      <UniqueIdentifier>{d6070dc8-7a9b-46c0-b75a-5fd6c10f8613}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Modules Communs\Parseur">
+      <UniqueIdentifier>{01639990-b135-46fe-8511-84761977c1bf}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Modules Communs\Librairie Modèle">
+      <UniqueIdentifier>{fa3fed71-2d05-4e39-a46b-59e9b2c83e04}</UniqueIdentifier>
+    </Filter>
+    <Filter Include="Modules Communs\System">
+      <UniqueIdentifier>{e53f7390-cd26-41d0-9f10-ea350fc88e43}</UniqueIdentifier>
+    </Filter>
+  </ItemGroup>
+  <ItemGroup>
+    <ClCompile Include="..\..\modules\mod_pipe.cpp">
+      <Filter>Modules Communs\Communication</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\modules\mod_parseur.cpp">
+      <Filter>Modules Communs\Parseur</Filter>
+    </ClCompile>
+    <ClCompile Include="..\..\commun\kmodel.cpp">
+      <Filter>Modules Communs\Librairie Modèle</Filter>
+    </ClCompile>
+    <ClCompile Include="klock.cpp" />
+    <ClCompile Include="..\..\modules\mod_system.cpp">
+      <Filter>Modules Communs\System</Filter>
+    </ClCompile>
+  </ItemGroup>
+  <ItemGroup>
+    <ClInclude Include="..\..\modules\mod_pipe.h">
+      <Filter>Modules Communs\Communication</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\modules\mod_parseur.h">
+      <Filter>Modules Communs\Parseur</Filter>
+    </ClInclude>
+    <ClInclude Include="..\..\commun\kmodel.h">
+      <Filter>Modules Communs\Librairie Modèle</Filter>
+    </ClInclude>
+    <ClInclude Include="klock.h" />
+    <ClInclude Include="..\..\modules\mod_system.h">
+      <Filter>Modules Communs\System</Filter>
+    </ClInclude>
+  </ItemGroup>
+  <ItemGroup>
+    <ResourceCompile Include="klock.rc" />
+  </ItemGroup>
+</Project>
\ No newline at end of file
-- 
cgit v1.2.3