GitHub - vyrus001/go-mimikatz: A wrapper around a pre-compiled version of the Mimikatz executable for the purpose of ant...
2019-09-21 17:10:34 Author: github.com

A Go wrapper around a pre-compiled version of the Mimikatz executable for the purpose of anti-virus evasion.

Requirements:

go-bindata => https://github.com/jteeuwen/go-bindata
MemoryModule => https://github.com/fancycode/MemoryModule

This application uses 3 segmented components to provide a Go wrapper for the Mimikatz application that most anti-virus software does not consider malicious, without additional packing, and that can be built dynamically from a repeatable build recipe. It does this by dividing the Mimikatz executable into 2 randomly generated pads, which are stored as strings within the compiled Go binary, combined, and then loaded from within the existing process memory space at run time.
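A defender-side triage check for the pad layout described above, as an added example that is not part of go-mimikatz: it assumes the two pads recombine by byte-wise XOR (the README does not name the operation), and `PadsHidePE`, `xorAt` and `samplePads` are hypothetical names. Given two equal-length blobs carved from a suspect binary, it recombines only the header fields and reports whether they describe a PE image.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// xorAt returns n bytes of a XOR b starting at off, or nil if out of range.
func xorAt(a, b []byte, off, n int) []byte {
	if off < 0 || off+n > len(a) || off+n > len(b) {
		return nil
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[off+i] ^ b[off+i]
	}
	return out
}

// PadsHidePE reports whether two equal-length blobs XOR to data with an "MZ"
// header whose e_lfanew field (offset 0x3c) points at a "PE\0\0" signature.
// Only header bytes are recombined; XOR is an assumption about the pad scheme.
func PadsHidePE(a, b []byte) bool {
	if len(a) != len(b) || len(a) < 0x40 || string(xorAt(a, b, 0, 2)) != "MZ" {
		return false
	}
	lfanew := int(binary.LittleEndian.Uint32(xorAt(a, b, 0x3c, 4)))
	return string(xorAt(a, b, lfanew, 4)) == "PE\x00\x00"
}

// samplePads returns two constructed 128-byte pads (not from a real binary)
// whose XOR is a stub header; pad a is a fixed pattern standing in for random data.
func samplePads() (a, b []byte) {
	stub := make([]byte, 128)
	copy(stub, "MZ")
	binary.LittleEndian.PutUint32(stub[0x3c:], 0x40)
	copy(stub[0x40:], "PE\x00\x00")
	a, b = make([]byte, 128), make([]byte, 128)
	for i := range stub {
		a[i] = byte(i*37 + 11)
		b[i] = stub[i] ^ a[i]
	}
	return a, b
}

func main() {
	a, b := samplePads()
	fmt.Println(PadsHidePE(a, b), PadsHidePE(a, a)) // matching pair, then a pad paired with itself
}
```

Neither pad matches a static signature on its own, which is why the check has to be run over candidate pairs rather than single blobs.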

Build Process:

  1. Build or acquire the Mimikatz 32-bit or 64-bit executables
  2. Use util/paddleball.go to divide the executable into "pad" files
     Example: go run paddleball.go <path-to-mimikatz32.exe> will output mimikatz32.exe.0.pad and mimikatz32.exe.1.pad
  3. Store the pad files within the main package of the go-mimikatz.go application
     Example: go-bindata mimikatz32.exe.0.pad mimikatz32.exe.1.pad will output bindata.go
  4. Build the MemoryModule library with MinGW (or gcc)
  5. Run go build

Article source: https://github.com/vyrus001/go-mimikatz