You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've made a simple Powershell script to simulate usage of Mimikatz.
It is based on a list of strings that are mimicking commandlines related to that tool (direct or base64 encoded).
Here is the script:
# Define a list of strings$strings=@(
"a2vyymvyb3m6omxpc3qgl2v4cg9yda==","bhnhzhvtcdo6c2ft","bhnhzhvtcdo6c2vjcmv0cw==","bhnhzhvtcdo6y2fjagu=","bwlzyzo6c2njbq==","c2vrdxjsc2e6omxvz29ucgfzc3dvcmrz","chjpdmlszwdlojpkzwj1zw==","chjpdmlszwdlojpkzwj1zyxzzwt1cmxzyto6bg9nb25wyxnzd29yzhm=","crypto::","dg9rzw46omvszxzhdgu=","dg9rzw46onjldmvyda==","dhm6omxvz29ucgfzc3dvcmrz","dmf1bhq6omnyzwq=","dmf1bhq6omxpc3q=","kcq2pa06qpxv86au","kerberos::","lsadump::","misc::sccm","privilege::","privilege::debug,sekurlsa::logonpasswords","sekurlsa::","token::","ts::logonpasswords","ts::mstsc","vault::","y0hkcgrtbhnav2rst2pwa1pxsjfaexh6wld0mwntehpzvg82ykc5bmiynxdzwe56zdi5evpitt0","y0hkcgrtbhnav2rst2pwa1pxsjfaexh6wld0mwntehpzvg82ykc5bmiynxdzwe56zdi5evpitt0=","y3j5chrvojpjbmc=","y3j5chrvojpjyxbp","y3j5chrvojpjzxj0awzpy2f0zxmgl2v4cg9yda==","y3j5chrvojprzxlzic9lehbvcnq=","y3j5chrvojprzxlzic9tywnoaw5lic9lehbvcnq=","yldsell6bzzjmk5qyle9pq==","zehnnk9tehzamjl1y0dgemmzzhzjbvj6"
)
# Loop through the list of strings and execute the command for each stringforeach ($stringin$strings) {
$commandToExecute="C:\tools\Detection-Validation\mcli.exe execute --parent cutecat.exe --command $string"Write-Host"Executing: $commandToExecute"# Execute the commandInvoke-Expression$commandToExecute# Add a delay if needed between command executionsStart-Sleep-Seconds 1
}
Is that something you want to see implemented on that repository? If yes, where (Wiki, README.md, dedicated .md file)?
If you prefer, I can also create a separate repository, that will redirect to yours.
Let me know 😉
Regards,
WikiJM
The text was updated successfully, but these errors were encountered:
Hi @alwashali
I've made a simple Powershell script to simulate usage of Mimikatz.
It is based on a list of strings that are mimicking commandlines related to that tool (direct or base64 encoded).
Here is the script:
Is that something you want to see implemented on that repository? If yes, where (Wiki, README.md, dedicated .md file)?
If you prefer, I can also create a separate repository, that will redirect to yours.
Let me know 😉
Regards,
WikiJM
The text was updated successfully, but these errors were encountered: