    def __init__(self, dce):
        """Initialise the interactive shell and negotiate a session key with the server.

        Args:
            dce: a DCE/RPC connection to the mimikatz endpoint; the ``MimiBind``
                request is sent over it exactly as given (no bind or auth-level
                setup happens here).

        After construction ``self.key`` holds the 16-byte session key derived
        from the Diffie-Hellman exchange and ``self.pHandle`` the handle the
        server returned.  Nothing in this method authenticates the peer's
        public value; whatever protects the exchange comes from the transport
        behind ``dce``.
        """
        cmd.Cmd.__init__(self)

        # State read by the cmd.Cmd loop and by the command handlers.
        self.shell = None
        self.prompt = 'mimikatz # '
        self.tid = None
        self.intro = mimikatz_intro
        self.pwd = ''
        self.share = None
        self.loggedIn = True
        self.last_output = None
        self.dce = dce

        # Client half of the key exchange.  The public value is stored
        # reversed; the server's value is reversed the same way before use.
        dh = mimilib.MimiDiffeH()
        clientBlob = mimilib.PUBLICKEYBLOB()
        clientBlob['y'] = dh.genPublicKey()[::-1]

        request = mimilib.MIMI_PUBLICKEY()
        request['sessionType'] = mimilib.CALG_RC4
        # Hard-coded blob length -- presumably len(clientBlob.getData()); not verified here.
        request['cbPublicKey'] = 144
        request['pbPublicKey'] = clientBlob.getData()

        resp = mimilib.hMimiBind(self.dce, request)

        # Server half: rebuild its blob, compute the shared secret, and keep
        # the last 16 bytes (reversed) as the session key.
        serverBlob = mimilib.PUBLICKEYBLOB(b''.join(resp['serverPublicKey']['pbPublicKey']))
        sharedSecret = dh.getSharedSecret(serverBlob['y'][::-1])
        self.key = sharedSecret[-16:][::-1]
        self.pHandle = resp['phMimi']
    def __init__(self, dce):
        """Set up the interactive shell and run the MimiBind key exchange.

        Args:
            dce: a DCE/RPC connection to the mimikatz endpoint, used as-is for
                the ``MimiBind`` call.

        On return ``self.key`` is the 16-byte session key derived from the
        Diffie-Hellman shared secret and ``self.pHandle`` the server's handle.
        The server's public value is taken at face value here -- its origin is
        not checked by this method.
        """
        cmd.Cmd.__init__(self)

        # Shell state consumed by cmd.Cmd and the command handlers.
        self.shell = None
        self.prompt = 'mimikatz # '
        self.tid = None
        # Banner shown on startup.  The doubled backslashes keep the ASCII art
        # identical while avoiding invalid-escape warnings.
        self.intro = (
            '  .#####.   mimikatz RPC interface\n'
            ' .## ^ ##.  "A La Vie, A L\' Amour "\n'
            ' ## / \\ ##  /* * *\n'
            ' ## \\ / ##   Benjamin DELPY `gentilkiwi` ( [email protected] )\n'
            ' \'## v ##\'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)\n'
            '  \'#####\'    Impacket client by Alberto Solino (@agsolino)    * * */\n\n'
            'Type help for list of commands'
        )
        self.pwd = ''
        self.share = None
        self.loggedIn = True
        self.last_output = None
        self.dce = dce

        # Client half of the exchange: generate our DH public value (stored
        # reversed) and wrap it in the request structure.
        dh = mimilib.MimiDiffeH()
        clientBlob = mimilib.PUBLICKEYBLOB()
        clientBlob['y'] = dh.genPublicKey()[::-1]

        request = mimilib.MIMI_PUBLICKEY()
        request['sessionType'] = mimilib.CALG_RC4
        # Hard-coded blob length -- presumably the serialised blob size; not verified here.
        request['cbPublicKey'] = 144
        request['pbPublicKey'] = str(clientBlob)

        resp = mimilib.hMimiBind(self.dce, request)

        # Server half: parse its blob (reversing the value as we did for ours)
        # and keep the last 16 bytes of the shared secret, reversed, as the key.
        serverBlob = mimilib.PUBLICKEYBLOB(''.join(
            resp['serverPublicKey']['pbPublicKey']))
        sharedSecret = dh.getSharedSecret(''.join(serverBlob['y'])[::-1])
        self.key = sharedSecret[-16:][::-1]
        self.pHandle = resp['phMimi']
    def __init__(self, dce):
        """Initialise the shell and derive the session key from a MimiBind exchange.

        Args:
            dce: a DCE/RPC connection to the mimikatz endpoint; it is used for
                the ``MimiBind`` call without any further setup.

        Afterwards ``self.key`` holds the 16-byte session key and
        ``self.pHandle`` the handle returned by the server.  This method does
        not verify who supplied ``serverPublicKey``; that is left to the
        transport behind ``dce``.
        """
        cmd.Cmd.__init__(self)

        # Interactive-shell state.
        self.shell = None
        self.prompt = 'mimikatz # '
        self.tid = None
        # Startup banner.  Backslashes are doubled so the text is unchanged
        # but no invalid-escape warning is raised.
        self.intro = (
            '  .#####.   mimikatz RPC interface\n'
            ' .## ^ ##.  "A La Vie, A L\' Amour "\n'
            ' ## / \\ ##  /* * *\n'
            ' ## \\ / ##   Benjamin DELPY `gentilkiwi` ( [email protected] )\n'
            ' \'## v ##\'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)\n'
            '  \'#####\'    Impacket client by Alberto Solino (@agsolino)    * * */\n\n'
            'Type help for list of commands'
        )
        self.pwd = ''
        self.share = None
        self.loggedIn = True
        self.last_output = None
        self.dce = dce

        # Build the MimiBind request carrying our DH public value (reversed,
        # matching the reversal applied to the server's value below).
        dh = mimilib.MimiDiffeH()
        ourBlob = mimilib.PUBLICKEYBLOB()
        ourBlob['y'] = dh.genPublicKey()[::-1]

        bindRequest = mimilib.MIMI_PUBLICKEY()
        bindRequest['sessionType'] = mimilib.CALG_RC4
        # Hard-coded blob length -- presumably len(ourBlob.getData()); not verified here.
        bindRequest['cbPublicKey'] = 144
        bindRequest['pbPublicKey'] = ourBlob.getData()

        resp = mimilib.hMimiBind(self.dce, bindRequest)

        # Derive the session key: last 16 bytes of the shared secret, reversed.
        theirBlob = mimilib.PUBLICKEYBLOB(b''.join(resp['serverPublicKey']['pbPublicKey']))
        secret = dh.getSharedSecret(theirBlob['y'][::-1])
        self.key = secret[-16:][::-1]
        self.pHandle = resp['phMimi']
 def get_handle_key(self, dce):
     """Run the MimiBind key exchange over *dce*.

     Returns:
         ``(pHandle, key)``: the handle returned by the server and the last
         16 bytes of the Diffie-Hellman shared secret, used as the session key.

     The server's public value is not authenticated by this method; any such
     protection comes from the transport behind ``dce``.
     """
     # Our half of the exchange comes from the helper; only the bind is done here.
     dh, public_key = self.get_dh_public_key()
     resp = mimilib.hMimiBind(dce, public_key)

     # Server half: rebuild its blob (value reversed) and derive the secret.
     serverBlob = mimilib.PUBLICKEYBLOB(b''.join(resp['serverPublicKey']['pbPublicKey']))
     sharedSecret = dh.getSharedSecret(serverBlob['y'][::-1])
     return resp['phMimi'], sharedSecret[-16:]
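    def test_hMimiBind(self):
        """MimiBind must succeed and the server must answer with the RC4 session type.

        The connection and transport are torn down in a ``finally`` block so
        that a failing assertion does not leave them open for later tests
        (the original only disconnected on the success path).
        """
        dce, rpc_transport = self.connect()
        try:
            dh, public_key = self.get_dh_public_key()
            resp = mimilib.hMimiBind(dce, public_key)

            self.assertEqual(resp["ErrorCode"], 0)
            self.assertEqual(resp["serverPublicKey"]["sessionType"], mimilib.CALG_RC4)
        finally:
            dce.disconnect()
            rpc_transport.disconnect()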
    def __init__(self, rpcTransport):
        """Open the DCE/RPC session to the mimikatz endpoint and negotiate a key.

        Args:
            rpcTransport: transport already configured with target and
                credentials; ``get_credentials()`` is read from it and the
                values are kept on the instance.

        Side effects: ``self.dce`` is connected and bound to the mimikatz
        interface with ``RPC_C_AUTHN_LEVEL_PKT_PRIVACY`` requested, then the
        ``MimiBind`` exchange stores the 16-byte session key in ``self.key``
        and the server handle in ``self.pHandle``.
        """
        cmd.Cmd.__init__(self)

        # Shell state used by cmd.Cmd and the command handlers.
        self.shell = None
        self.prompt = 'mimikatz # '
        self.tid = None
        # Startup banner; doubled backslashes keep the text identical while
        # avoiding invalid-escape warnings.
        self.intro = (
            '  .#####.   mimikatz RPC interface\n'
            ' .## ^ ##.  "A La Vie, A L\' Amour "\n'
            ' ## / \\ ##  /* * *\n'
            ' ## \\ / ##   Benjamin DELPY `gentilkiwi` ( [email protected] )\n'
            ' \'## v ##\'   http://blog.gentilkiwi.com/mimikatz             (oe.eo)\n'
            '  \'#####\'    Impacket client by Alberto Solino (@agsolino)    * * */\n\n'
            'Type help for list of commands'
        )
        self.pwd = ''
        self.share = None
        self.loggedIn = True
        self.last_output = None

        # Transport and the credential material it was configured with.
        self.rpc = rpcTransport
        (self.username, self.password, self.domain, self.lmhash, self.nthash,
         self.aesKey, self.TGT, self.TGS) = rpcTransport.get_credentials()

        # Packet privacy is requested on the RPC session before binding.
        self.dce = rpcTransport.get_dce_rpc()
        self.dce.set_auth_level(RPC_C_AUTHN_LEVEL_PKT_PRIVACY)
        self.dce.connect()
        self.dce.bind(mimilib.MSRPC_UUID_MIMIKATZ)

        # Client half of the key exchange (public value stored reversed,
        # matching the reversal applied to the server's value below).
        dh = mimilib.MimiDiffeH()
        clientBlob = mimilib.PUBLICKEYBLOB()
        clientBlob['y'] = dh.genPublicKey()[::-1]

        request = mimilib.MIMI_PUBLICKEY()
        request['sessionType'] = mimilib.CALG_RC4
        # Hard-coded blob length -- presumably the serialised blob size; not verified here.
        request['cbPublicKey'] = 144
        request['pbPublicKey'] = str(clientBlob)

        resp = mimilib.hMimiBind(self.dce, request)

        # Server half: the session key is the last 16 bytes of the shared
        # secret, reversed.
        serverBlob = mimilib.PUBLICKEYBLOB(''.join(resp['serverPublicKey']['pbPublicKey']))
        sharedSecret = dh.getSharedSecret(''.join(serverBlob['y'])[::-1])
        self.key = sharedSecret[-16:][::-1]
        self.pHandle = resp['phMimi']