From c5168cdba6a3b2d7dd8d79c8ac9583d3ace6a504 Mon Sep 17 00:00:00 2001
From: mattifestation <mattgraeber@gmail.com>
Date: Mon, 3 Feb 2014 17:13:35 -0500
Subject: Removed mimikatz.

This doesn't need to reside in PowerSploit. Those that are truly
paranoid should validate that the embedded executable in
Invoke-Mimikatz.ps1 is indeed mimikatz.

This was causing AV to flag upon downloading PowerSploit.
---
 .../librairies/sekurlsa/modules/credman.h             | 19 -------------------
 1 file changed, 19 deletions(-)
 delete mode 100644 Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/credman.h

(limited to 'Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/credman.h')

diff --git a/Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/credman.h b/Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/credman.h
deleted file mode 100644
index 60d1249..0000000
--- a/Exfiltration/mimikatz-1.0/librairies/sekurlsa/modules/credman.h
+++ /dev/null
@@ -1,19 +0,0 @@
-/*	Benjamin DELPY `gentilkiwi`
-	http://blog.gentilkiwi.com
-	benjamin@gentilkiwi.com
-	Licence    : http://creativecommons.org/licenses/by/3.0/fr/
-	Ce fichier : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#pragma once
-#include "../sekurlsa.h"
-
-bool searchCredmanFuncs();
-__kextdll bool __cdecl getCredmanFunctions(mod_pipe * monPipe, vector<wstring> * mesArguments);
-__kextdll bool __cdecl getCredman(mod_pipe * monPipe, vector<wstring> * mesArguments);
-bool WINAPI getCredmanData(__in PLUID logId, __in mod_pipe * monPipe, __in bool justSecurity);
-
-wstring descEncryptedCredential(PENCRYPTED_CREDENTIALW pEncryptedCredential, __in bool justSecurity, wstring prefix = L"");
-
-typedef NTSTATUS (WINAPI * PCRED_I_ENUMERATE)	(IN PLUID pLUID, IN DWORD unk0,	IN LPCTSTR Filter, IN DWORD Flags, OUT DWORD *Count, OUT PCREDENTIAL **Credentials);
-typedef NTSTATUS (WINAPI * PCRED_I_ENUMERATE62) (IN PLUID pLUID,				IN LPCTSTR Filter, IN DWORD Flags, OUT DWORD *Count, OUT PCREDENTIAL **Credentials);
-
-- 
cgit v1.2.3