volatility_mimikatz

基于volatility框架的mimikatz插件，实现从Windows vista，Windows 7休眠文件中提取明文密码，在原基础上增加Windows 8的支持。由于volatility目前不支持Win7以上系统的休眠文件的解析，可以通过hibr2bin.exe工具将Win8休眠文件转为原始内存镜像文件，然后通过mimikatz.py插件进行明文密码提取。

参考：

https://github.com/gentilkiwi/mimikatz

https://github.com/RealityNet/hotoloti/tree/master/volatility

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
Hibr2Bin.exe		Hibr2Bin.exe
README.md		README.md
mimikatz.py		mimikatz.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Hibr2Bin.exe

Hibr2Bin.exe

README.md

README.md

mimikatz.py

mimikatz.py

Repository files navigation

volatility_mimikatz

About

Releases

Packages

Languages

cofarmer/volatility_mimikatz

Folders and files

Latest commit

History

Repository files navigation

volatility_mimikatz

About

Resources

Stars

Watchers

Forks

Languages