Make mimikatz inside zip and extract only if config says so #169

Merged
merged 4 commits into from Aug 29, 2018

@itaymmguardicore
Contributor

itaymmguardicore commented Aug 22, 2018

Feature / Fixes

Mimikatz is now inside a password-protected zip, and is extracted only if the config says so.

  • Have you added an explanation of what your changes do and why you'd like to include them?
  • Have you successfully tested your changes locally?

Fixes #165

@itaymmguardicore itaymmguardicore self-assigned this Aug 22, 2018

@danielguardicore

The password hardcoding is the most worrisome but we'll go with it if we don't have a simple alternate solution. The spec file contains a useless 2nd version of the password.

Higher level Qs

  • Did you test this without Pyinstaller as well?
  • Does it matter if compressed on Linux/Windows?

Also nice work improving our configuration page.

# Name of mimikatz dll in zip archive
MIMIKATZ_DLL_NAME_ZIP = 'tmpzipfile123456.dll'
# Password for mimikatz zip
MIMIKATZ_ZIP_PASSWORD = 'HEDFGFDSgfsdg4235342#@$^@#shd35'
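
Review bot: MIMIKATZ_ZIP_PASSWORD on the last line is a credential literal committed to source, and the comment above it says only what it is, not what it is for. If the value has to live in the repository, define it in one module that other code imports, and say in the comment what the password is meant to achieve, since anyone with the source can open the archive.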

@danielguardicore

danielguardicore Aug 22, 2018

Contributor

That is horribly not random. Any specific reason? Minimum/maximum character limit?

Actually, why is this and the dll name here at all?

@itaymmguardicore

itaymmguardicore Aug 23, 2018

Contributor

This is my mistake. This shouldn't have been committed.

a.binaries += [('mk.dll', '.\\bin\\mk32.dll', 'BINARY')]
else:
a.binaries += [('mk.dll', '.\\bin\\mk64.dll', 'BINARY')]
a.binaries += [(MIMIKATZ_ZIP_NAME_MONKEY, get_mimikatz_zip_path(), 'BINARY')]

@danielguardicore

danielguardicore Aug 22, 2018

Contributor

If we're already changing stuff, not sure this should be binaries and not data. See PyInstaller documentation.

Alternatively, if you build Mimikatz, put each version in a zip file.
1. The zip should contain only the Mimikatz DLL named tmpzipfile123456.dll
2. It should be protected using the password 'VTQpsJPXgZuXhX6x3V84G'.

@danielguardicore

danielguardicore Aug 22, 2018

Contributor

Not the same password as in the spec file.

@itaymmguardicore

itaymmguardicore Aug 23, 2018

Contributor

Spec file is wrong. This one is right.

MIMIKATZ_ZIP_NAME = 'tmpzipfile123456.zip'
# Password to Mimikatz zip file
MIMIKATZ_ZIP_PASSWORD = r'VTQpsJPXgZuXhX6x3V84G'
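
Review bot: the `r` prefix on the MIMIKATZ_ZIP_PASSWORD literal in the last line has no effect, because the string contains no backslashes. Drop it, or keep it and extend the comment to say it is there so that a future password containing a backslash is not misread.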

@danielguardicore

danielguardicore Aug 22, 2018

Contributor

Is there any way to have the constant imported from somewhere? This is the 3rd copy I've seen so far and the 2nd version of the password.

@itaymmguardicore

itaymmguardicore Aug 23, 2018

Contributor

Spec file won't have the password any more.
The readme is the only other place the password is gonna be in (and we can't import it there 🙃)

@danielguardicore

danielguardicore Aug 23, 2018

Contributor

Shame :) 🥇

self._get = None
self.init_mimikatz()
def init_mimikatz(self):
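
Review bot: `def init_mimikatz(self):` has no docstring visible here, and `self.init_mimikatz()` is called right after `self._get = None` with no condition shown in these lines. A docstring stating when the archive is extracted and what state the object is left in when it is not (for example `self._get` staying `None`) would let callers and reviewers check the "only if config says so" behaviour.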

@danielguardicore

danielguardicore Aug 22, 2018

Contributor

Is there an option for a non zip version?

@itaymmguardicore

itaymmguardicore Aug 23, 2018

Contributor

Nope. Don't see a reason there should be

@itaymmguardicore itaymmguardicore merged commit bed482d into develop Aug 29, 2018

@itaymmguardicore itaymmguardicore deleted the feature/wrap-mimikatz-zip branch Aug 29, 2018
