ufrisk/MemProcFS-plugins

Plugins for MemProcFS

This repository contains various non-core plugins for MemProcFS - The Memory Process File System.

The plugins range from general non-core plugins to plugins with offensive capabilities, such as pypykatz. A short description of each plugin follows:

pypykatz

Author:

Tamas Jos (@skelsec), info@skelsec.com, https://github.com/skelsec/

Overview:

pypykatz for MemProcFS exposes mimikatz functionality in the folder /py/secrets/ in the file system root, provided that the target is a supported Windows system. Functionality includes retrieval of hashes, passwords, Kerberos tickets and various other credentials.

Installation instructions:

  1. Ensure a MemProcFS-supported version of 64-bit Python for Windows is on the system path (or specify it with the -pythonpath option when starting MemProcFS). NB! Embedded Python will not work with pypykatz, since pypykatz requires access to packages installed with pip.
  2. Install the pypykatz pip package, in the correct Python environment, by running pip install dissect.cstruct pypykatz.
  3. Install the pypykatz for MemProcFS plugin by copying all files from /files/plugins/pym_pypykatz to the corresponding folder in MemProcFS, overwriting any existing files there.
  4. Start MemProcFS.

Last updated: 2021-03-21

pypykatz regsecrets

Author:

Tamas Jos (@skelsec), info@skelsec.com, https://github.com/skelsec/

Overview:

regsecrets for MemProcFS exposes mimikatz functionality in the folder /py/regsecrets/ in the file system root, provided that the target is a supported Windows system. Functionality includes retrieval of NTLM hashes for local accounts, amongst other things.

Installation instructions:

  1. Ensure a MemProcFS-supported version of 64-bit Python for Windows is on the system path (or specify it with the -pythonpath option when starting MemProcFS). NB! Embedded Python will not work with pypykatz and aiowinreg, since they require access to packages installed with pip.
  2. Install the pypykatz and aiowinreg pip packages, in the correct Python environment, by running pip install pypykatz aiowinreg.
  3. Install the pyregsecrets for MemProcFS plugin by copying all files from /files/plugins/pym_regsecrets to the corresponding folder in MemProcFS, overwriting any existing files there.
  4. Start MemProcFS.

Last updated: 2021-03-21
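
Added example (not part of this repository): a pre-flight check covering the installation steps of both plugins above, to be run with the same Python interpreter MemProcFS will load. The function names, the embedded-Python heuristic (a pythonXY._pth file beside the interpreter) and the reading of "corresponding folder" as plugins/<name> under the MemProcFS directory are assumptions of this example.

```python
"""Pre-flight check for the plugin install steps (added example)."""
import importlib.util
import struct
import sys
from pathlib import Path

# Import names of the pip packages listed in step 2 for each plugin.
REQUIRED = {
    "pym_pypykatz": ["dissect.cstruct", "pypykatz"],
    "pym_regsecrets": ["pypykatz", "aiowinreg"],
}

def missing_modules(names):
    """Return the modules from `names` that this interpreter cannot locate."""
    missing = []
    for name in names:
        try:
            found = importlib.util.find_spec(name) is not None
        except (ImportError, ValueError):  # parent package absent or broken
            found = False
        if not found:
            missing.append(name)
    return missing

def looks_embedded(exe_dir):
    """Heuristic (assumption): embeddable Python ships pythonXY._pth beside python.exe."""
    return any(Path(exe_dir).glob("python*._pth"))

def plugin_dir_populated(memprocfs_root, plugin):
    """Assumption: the 'corresponding folder' is <MemProcFS>/plugins/<plugin>."""
    target = Path(memprocfs_root) / "plugins" / plugin
    return target.is_dir() and any(target.iterdir())

def preflight(memprocfs_root, plugin, exe_dir=None):
    """Collect every problem found; an empty list means the steps check out."""
    exe_dir = exe_dir or Path(sys.executable).parent
    problems = []
    if struct.calcsize("P") * 8 != 64:
        problems.append("interpreter is not 64-bit")
    if looks_embedded(exe_dir):
        problems.append("embedded Python detected; pip packages unavailable")
    problems += [f"missing package: {m}" for m in missing_modules(REQUIRED[plugin])]
    if not plugin_dir_populated(memprocfs_root, plugin):
        problems.append(f"plugin files not found for {plugin}")
    return problems

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for plugin in REQUIRED:
        print(plugin, preflight(root, plugin) or "OK")
```

Pass the MemProcFS directory as the first argument; each plugin prints OK or the list of steps that still need attention.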
