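def test_MimiCommand(self):
    """Send one mimikatz command over the RPC channel and print its output.

    The command (``token::whoami`` here; change the constant to exercise
    another module) is NUL-terminated, UTF-16LE encoded and RC4-encrypted
    with the negotiated session key before being wrapped in a MimiCommand
    request.  The reply is checked for a zero ErrorCode and a consistent
    length, decrypted the same way and printed for manual inspection.
    The connection is torn down even when a check fails.

    Security note: request and reply are each encrypted with a *fresh* RC4
    instance under the same (byte-reversed) key, so both directions share
    one keystream.  That is reproduced here because it is what the remote
    end expects; it must not be mistaken for a confidential channel.
    """
    from Crypto.Cipher import ARC4

    dce, rpctransport, pHandle, key = self.connect()
    try:
        # The server consumes the negotiated key byte-reversed (as observed
        # on the wire); the same transform is applied on the decrypt side.
        session_key = key[::-1]
        # The trailing NUL is part of the wire string (wide-char terminator).
        command = ARC4.new(session_key).encrypt(
            'token::whoami\x00'.encode('utf-16le'))

        request = mimilib.MimiCommand()
        request['phMimi'] = pHandle
        request['szEncCommand'] = len(command)
        request['encCommand'] = list(command)
        resp = dce.request(request)

        # Fail loudly instead of decrypting garbage when the call failed or
        # the advertised length disagrees with the payload actually returned.
        self.assertEqual(resp['ErrorCode'], 0)
        self.assertEqual(len(resp['encResult']), resp['szEncResult'])

        # b''.join works for both a list of 1-char strs (py2) and of bytes
        # elements (py3 impacket arrays).
        cipher_text = b''.join(resp['encResult'])
        plain = ARC4.new(session_key).decrypt(cipher_text)
        print('=' * 80)
        print(plain)
    finally:
        # Tear down in reverse order of setup regardless of test outcome.
        dce.disconnect()
        rpctransport.disconnect()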
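def test_MimiCommand(self):
    """Round-trip ``self.mimikatz_command`` through the MimiCommand RPC call.

    The command is NUL-terminated, UTF-16LE encoded and RC4-encrypted with
    the negotiated session key (byte-reversed), sent as a MimiCommand
    request, and the reply is checked for a zero ErrorCode and a consistent
    length before being decrypted.  Both connections are torn down even
    when an assertion fails, so a failing run does not leak the session.

    Security note: request and reply are each encrypted with a *fresh* RC4
    instance under the same key, so both directions share one keystream.
    This reproduces what the remote end expects; it is not a secure channel
    and nothing here should be reused as one.
    """
    dce, rpc_transport = self.connect()
    try:
        pHandle, key = self.get_handle_key(dce)
        # The server consumes the negotiated key byte-reversed (as observed
        # on the wire); the same transform is applied on the decrypt side.
        session_key = key[::-1]
        # The wide-char NUL terminator is part of the wire string.
        wire_command = "{}\x00".format(self.mimikatz_command).encode('utf-16le')
        command = ARC4.new(session_key).encrypt(wire_command)

        request = mimilib.MimiCommand()
        request['phMimi'] = pHandle
        request['szEncCommand'] = len(command)
        request['encCommand'] = list(command)
        resp = dce.request(request)

        # Refuse to decrypt when the call failed or the advertised length
        # does not match the payload actually returned.
        self.assertEqual(resp["ErrorCode"], 0)
        self.assertEqual(len(resp["encResult"]), resp["szEncResult"])

        cipher_text = b''.join(resp['encResult'])
        plain = ARC4.new(session_key).decrypt(cipher_text)
        # RC4 is length-preserving; a mismatch means the stream above was
        # mis-assembled.  The decrypted content is command-dependent and is
        # deliberately not asserted on here.
        self.assertEqual(len(plain), len(cipher_text))
    finally:
        # Tear down in reverse order of setup regardless of test outcome.
        dce.disconnect()
        rpc_transport.disconnect()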