From c5168cdba6a3b2d7dd8d79c8ac9583d3ace6a504 Mon Sep 17 00:00:00 2001
From: mattifestation <mattgraeber@gmail.com>
Date: Mon, 3 Feb 2014 17:13:35 -0500
Subject: Removed mimikatz.

This doesn't need to reside in PowerSploit. Those that are truly
paranoid should validate that the embedded executable in
Invoke-Mimikatz.ps1 is indeed mimikatz.

This was causing AV to flag upon downloading PowerSploit.
---
 .../mimikatz-1.0/modules/mod_winsta_desktop.cpp    | 29 ----------------------
 1 file changed, 29 deletions(-)
 delete mode 100644 Exfiltration/mimikatz-1.0/modules/mod_winsta_desktop.cpp

(limited to 'Exfiltration/mimikatz-1.0/modules/mod_winsta_desktop.cpp')

diff --git a/Exfiltration/mimikatz-1.0/modules/mod_winsta_desktop.cpp b/Exfiltration/mimikatz-1.0/modules/mod_winsta_desktop.cpp
deleted file mode 100644
index 57b209e..0000000
--- a/Exfiltration/mimikatz-1.0/modules/mod_winsta_desktop.cpp
+++ /dev/null
@@ -1,29 +0,0 @@
-/*	Benjamin DELPY `gentilkiwi`
-	http://blog.gentilkiwi.com
-	benjamin@gentilkiwi.com
-	Licence : http://creativecommons.org/licenses/by/3.0/fr/
-*/
-#include "mod_winsta_desktop.h"
-
-BOOL CALLBACK mod_winsta_desktop::EnumWindowStationProc(_In_ LPTSTR lpszWindowStation, _In_ LPARAM lParam)
-{
-	reinterpret_cast<vector<wstring> *>(lParam)->push_back(reinterpret_cast<const wchar_t *>(lpszWindowStation));
-	return TRUE;
-}
-
-BOOL CALLBACK mod_winsta_desktop::EnumDesktopProc(_In_ LPTSTR lpszDesktop, _In_ LPARAM lParam)
-{
-	reinterpret_cast<vector<wstring> *>(lParam)->push_back(reinterpret_cast<const wchar_t *>(lpszDesktop));
-	return TRUE;
-}
-
-
-bool mod_winsta_desktop::getWinstas(vector<wstring> * mesWinstas)
-{
-	return (EnumWindowStations(EnumWindowStationProc, reinterpret_cast<LPARAM>(mesWinstas)) != 0);
-}
-
-bool mod_winsta_desktop::getDesktops(vector<wstring> * mesDesktop)
-{
-	return (EnumDesktops(NULL, EnumDesktopProc, reinterpret_cast<LPARAM>(mesDesktop)) != 0);
-}
-- 
cgit v1.2.3