volatility2 with mimikatz|装mimikatz插件踩的坑

volatility2很好装,插件mimikatz你只需要下载好mimikatz.py放到对应的plugins目录下就可以

教程很多 也是正确的 但有些细节问题 容易踩坑

装插件mimikatz真是装的我头痛

主要的问题出在:

1. 有些github上的mimikatz.py有点问题 没办法使用

我找到的靠谱的:

hotoloti/volatility/mimikatz.py at master · RealityNet/hotoloti (github.com)

2.可能出现这样的错误提示

在-f 前增加--plugin,后面接你的volatility里plugins存放的目录 例如我这里是

--plugin=/home/kali/volatility/volatility/plugins
┌──(kali㉿kali)-[~/volatility/volatility/plugins]
└─$ vol.py --plugin=./ -f /home/kali/Desktop/OtterCTF.vmem --profile=Win7SP1x64 mimikatz 

3.construct版本问题

如果你也出现了下面这条错误信息

**Failed to import volatility.plugins.mimikatz (AttributeError: 'module' object has no attribute 'Int32ul')

我在网上搜索到了全都是将construct换成2.5.5 但我就是换成2.5.5之后会出现了上面这个问题

解决办法:

直接 sudo pip install construct 下载的2.10.54的版本 并不会出问题(注意这里的pip是python2的)

┌──(kali㉿kali)-[~/volatility/volatility/plugins]
└─$ sudo pip install construct                
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.                                                                               
Processing /root/.cache/pip/wheels/af/8e/c5/686cebf634111570b5dde5b340fcff57968f6c57e9d1024a0f/construct-2.10.54-py2-none-any.whl
Installing collected packages: construct
Successfully installed construct-2.10.54

  • 7
    点赞
  • 6
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
32位 64位均可 不过在测试过程中 前掉至少得以ADMIN权限运行 法国黑客神器 mimikatz 直接读取管理员密码明文 通杀xp win2003 win7 win2008 WIN2000还未测试 个人感觉应该也可以 没打建环境测试 还有一篇用这个神器直接从 lsass.exe 里获取windows处于active状态账号明文密码的文章 自己尝试了下用 win2008 r2 x64 来测试 总之这个神器相当华丽 还有更多能力有待各黑阔们挖掘 =..=~ mimikatz: Tool To Recover Cleartext Passwords From Lsass I meant to blog about this a while ago, but never got round to it. Here’s a brief post about very cool feature of a tool called mimikatz. I’m very grateful to the tool’s author for bringing it to my attention. Until that point, I didn’t realise it was possible to recover the cleartext passwords of logged on windows users. Something that I’m sure most pentesters would find very useful. Here’s some sample output provided by the author: mimikatz 1.0 x86 (pre-alpha) /* Traitement du Kiwi */mimikatz # privilege::debugDemande d'ACTIVATION du privilège : SeDebugPrivilege : OKmimikatz # inject::process lsass.exe sekurlsa.dllPROCESSENTRY32(lsass.exe).th32ProcessID = 488Attente de connexion du client...Serveur connecté à un client !Message du processus :Bienvenue dans un processus distant Gentil KiwiSekurLSA : librairie de manipulation des données de sécurités dans LSASSmimikatz # @getLogonPasswordsAuthentification Id : 0;434898Package d'authentification : NTLMUtilisateur principal : Gentil UserDomaine d'authentification : vm-w7-ult msv1_0 : lm{ e52cac67419a9a224a3b108f3fa6cb6d }, ntlm{ 8846f7eaee8fb117ad06bdd830b7586c } wdigest : password tspkg : passwordAuthentification Id : 0;269806Package d'authentification : NTLMUtilisateur principal : Gentil KiwiDomaine d'authentification : vm-w7-ult msv1_0 : lm{ d0e9aee149655a6075e4540af1f22d3b }, ntlm{ cc36cf7a8514893efccd332446158b1a } wdigest : waza1234/ tspkg : waza1234/ I wondered why the cleartext password would need to be stored in LSASS – after all every pentester will tell you that you don’t need the password to authenticate, just the hash. A bit of googling seems to indicate that wdigest (the password) is required to support HTTP Digest Authentication and other schemes that require the authenticating party to know the password – and not just the hash. Posted in Blog

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值