예제 #1
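 def test_MimiCommand(self):
     """Send one RC4-encrypted command through MimiCommand and print the decrypted reply.

     The command string is NUL-terminated, encoded as UTF-16LE and encrypted
     with RC4 under the byte-reversed session key returned by self.connect().
     The reply in resp['encResult'] is decrypted with a second RC4 instance
     built from the same key.

     NOTE(review): both directions start a fresh RC4 state from the same key,
     so request and response are covered by the same keystream prefix. That
     appears to be how this client speaks the protocol rather than something
     this test can change; do not treat the channel as confidential.
     """
     # Imported before connecting so an ImportError cannot leave a session open.
     from Crypto.Cipher import ARC4

     dce, rpctransport, pHandle, key = self.connect()
     try:
         cipher = ARC4.new(key[::-1])
         command = cipher.encrypt('token::whoami\x00'.encode('utf-16le'))
         #command = cipher.encrypt('sekurlsa::logonPasswords\x00'.encode('utf-16le'))
         #command = cipher.encrypt('process::imports\x00'.encode('utf-16le'))
         request = mimilib.MimiCommand()
         request['phMimi'] = pHandle
         # The size field carries the ciphertext length in bytes.
         request['szEncCommand'] = len(command)
         request['encCommand'] = list(command)
         resp = dce.request(request)
         # b''.join equals ''.join on Python 2 and also accepts bytes
         # elements, which is what the second listing on this page relies on.
         cipherText = b''.join(resp['encResult'])
         # RC4 is stateful: the encrypting instance has already advanced,
         # so decryption needs a new instance.
         cipher = ARC4.new(key[::-1])
         plain = cipher.decrypt(cipherText)
         # Parenthesised single-argument print behaves the same on Python 2
         # and parses on Python 3.
         print('=' * 80)
         print(plain)
     finally:
         # The original never closed the DCE/RPC session; release it even
         # when the request raises.
         dce.disconnect()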
예제 #2
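    def test_MimiCommand(self):
        """Round-trip self.mimikatz_command through MimiCommand and check the reply framing.

        The command is NUL-terminated, encoded as UTF-16LE and RC4-encrypted
        under the byte-reversed key from self.get_handle_key(). The test
        asserts that the call reports ErrorCode 0 and that szEncResult matches
        the number of elements in encResult, then decrypts the reply.

        NOTE(review): the decrypted text is never asserted on, so this test
        only proves that the call succeeds and that the reply is
        length-consistent.
        NOTE(review): request and reply each start a fresh RC4 state from the
        same key, so both are covered by the same keystream prefix; the
        channel should not be treated as confidential.
        """
        dce, rpc_transport = self.connect()
        try:
            pHandle, key = self.get_handle_key(dce)

            cipher = ARC4.new(key[::-1])
            command = cipher.encrypt("{}\x00".format(self.mimikatz_command).encode('utf-16le'))
            request = mimilib.MimiCommand()
            request['phMimi'] = pHandle
            # The size field carries the ciphertext length in bytes.
            request['szEncCommand'] = len(command)
            request['encCommand'] = list(command)

            resp = dce.request(request)
            self.assertEqual(resp["ErrorCode"], 0)
            # Server-declared size must agree with what was actually received.
            self.assertEqual(len(resp["encResult"]), resp["szEncResult"])

            cipherText = b''.join(resp['encResult'])
            # RC4 is stateful: the encrypting instance has already advanced,
            # so decryption needs a new instance.
            cipher = ARC4.new(key[::-1])
            plain = cipher.decrypt(cipherText)
        finally:
            # Previously a failed assertion or RPC error skipped both
            # disconnects and left the session open for later tests.
            dce.disconnect()
            rpc_transport.disconnect()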