daddycocoaman

##################################################
## PyDefenderCheck - Python implementation of DefenderCheck
##################################################
## Author: daddycocoaman
## Based on: https://github.com/matterpreter/DefenderCheck
##################################################


import argparse
import enum

Raikia

Assuming you have a mimikatz dump named "mimikatz_dump.txt", I made these bash one-liners that will reformat the mimikatz output to "domain\user:password"

First, before using these parsers, run:  "dos2unix mimikatz_dump.txt"

Mimikatz 1.0:

cat mimikatz_dump.txt  | grep -P '((Utilisateur principal)|(msv1_0)|(kerberos)|(ssp)|(wdigest)|(tspkg))\s+:\s+.+' | grep -v 'n\.' | sed -e 's/^\s\+[^:]*:\s\+//' | sed -e 's/Utilisateur principal\s\+:\s\+\(.*\)$/\n\1/' | sort -u


Mimikatz 2.0 (unfortunately, you must "apt-get install pcregrep" because reasons):

xiaoxiaoleo

admin account info" filetype:log
!Host=*.* intext:enc_UserPassword=* ext:pcf
"# -FrontPage-" ext:pwd inurl:(service | authors | administrators | users) "# -FrontPage-" inurl:service.pwd
"AutoCreate=TRUE password=*"
"http://*:*@www” domainname
"index of/" "ws_ftp.ini" "parent directory"
"liveice configuration file" ext:cfg -site:sourceforge.net
"parent directory" +proftpdpasswd
Duclassified" -site:duware.com "DUware All Rights reserved"
duclassmate" -site:duware.com