From c5168cdba6a3b2d7dd8d79c8ac9583d3ace6a504 Mon Sep 17 00:00:00 2001
From: mattifestation
Date: Mon, 3 Feb 2014 17:13:35 -0500
Subject: Removed mimikatz. This doesn't need to reside in PowerSploit. Those that are truly paranoid should validate that the embedded executable in Invoke-Mimikatz.ps1 is indeed mimikatz. This was causing AV to flag upon downloading PowerSploit.
---
 .../mimikatz/modules/mod_mimikatz_nogpo.h | 30 ----------------------
 1 file changed, 30 deletions(-)
 delete mode 100644 Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_nogpo.h
(limited to 'Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_nogpo.h')
diff --git a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_nogpo.h b/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_nogpo.h
deleted file mode 100644
index c96e22f..0000000
--- a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_nogpo.h
+++ /dev/null
@@ -1,30 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#pragma once
-#include "globdefs.h"
-#include "mod_process.h"
-#include "mod_memory.h"
-#include "mod_patch.h"
-#include
-
-class mod_mimikatz_nogpo
-{
-private:
- static bool disableSimple(wstring commandLine, wstring origKey, wstring kiwiKey, DWORD * monPID = NULL);
- static bool disableSimple(wstring commandLine, string origKey, string kiwiKey, DWORD * monPID = NULL);
- static bool disableSimple(wstring commandLine, SIZE_T taillePattern, PBYTE maCleDeDepart, const void * maCleFinale, DWORD * monPID = NULL);
-
- static bool getApplicationPathFromCLSID(wstring application, wstring * path);
-
-public:
- static vector getMimiKatzCommands();
-
- static bool regedit(vector * arguments);
- static bool cmd(vector * arguments);
- static bool taskmgr(vector * arguments);
- static bool olpst(vector * arguments);
-};
-
-- cgit v1.2.3