Pypykatz - Mimikatz Implementation In Pure Python

Daniel

Mimikatz implementation in pure Python. At least a part of it.
Runs on all OSes that support Python >= 3.6.
WIKI
Since version 0.1.1 the command line changed a little. Worry not, I have an awesome WIKI for you.
Installing
Install it via pip or by cloning it from github.
The installer will create a pypykatz executable in Python's Scripts directory. You can run it from there; it should be in your PATH.
Take care, the github master version might fail because I'm lazy to do a proper branch for the new versions. I'll try to create a branch of the stable version though.
Via PIP

Code:
pip3 install pypykatz
Via Github
Install prerequisites

Code:
pip3 install minidump minikerberos aiowinreg msldap winsspi
Clone this repo
Install it
Code:
python3 setup.py install
Features
General
Platform independent - all commands have a "live" and a normal version where applicable. The "live" version uses the current system and only works on Windows. The normal commands are platform independent.
Can be used as a library for your projects.
LSASS processing
Can parse the secrets hidden in the LSASS process. This is just like mimikatz's sekurlsa:: but with different commands.
The main difference here is that all the parsing logic is separated from the data source, so if you define a new reader object you can basically perform the parsing of LSASS from anywhere.
Currently supported data sources:

  1. live - reads the LSASS process' memory directly
  2. minidump - processes a minidump file created by dumping the LSASS process
  3. rekall (volatility fork) - processes basically ANY Windows memory dump that rekall can parse
  4. pcileech - can dump secrets DIRECTLY via DMA of a live computer
  5. remote - this is another project. TBD
  6. your project here. Seriously, it's super simple to integrate.
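The first two data sources above, a live read of LSASS memory and a minidump of the LSASS process, both leave host telemetry. As an added example (not part of pypykatz or of this post), the following Python runs two checks over constructed Sysmon-style ProcessAccess (Event ID 10) and FileCreate (Event ID 11) records; the field names follow Sysmon, while the allowlist of images permitted to open LSASS and the sample paths are assumptions.

```python
from typing import Iterable, Optional

PROCESS_VM_READ = 0x0010  # access right needed to read another process's memory

# Images that routinely open LSASS on a stock host (assumption; tune per environment).
ALLOWED_LSASS_READERS = {
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
    r"c:\windows\system32\svchost.exe",
}

def parse_line(line: str) -> dict:
    """Turn one 'key=value key=value' record into a dict; EventID becomes an int."""
    event = dict(kv.split("=", 1) for kv in line.split())
    event["EventID"] = int(event["EventID"])
    return event

def flag_lsass_access(event: dict) -> Optional[str]:
    """Return a finding for a suspicious record, or None if it looks benign."""
    if event["EventID"] == 10:  # ProcessAccess: a live read of LSASS memory
        if not event["TargetImage"].lower().endswith(r"\lsass.exe"):
            return None
        granted = int(event["GrantedAccess"], 16)
        if granted & PROCESS_VM_READ and event["SourceImage"].lower() not in ALLOWED_LSASS_READERS:
            return f"lsass memory read by {event['SourceImage']} (GrantedAccess 0x{granted:x})"
    elif event["EventID"] == 11:  # FileCreate: an LSASS minidump landing on disk
        name = event["TargetFilename"].lower()
        if name.endswith(".dmp") and "lsass" in name:
            return f"lsass dump file written by {event['Image']}: {event['TargetFilename']}"
    return None

def scan(lines: Iterable[str]) -> list:
    """Run the checks over raw log lines and collect the findings in order."""
    findings = []
    for line in lines:
        if line.strip():
            hit = flag_lsass_access(parse_line(line))
            if hit:
                findings.append(hit)
    return findings

# Constructed sample records (not real telemetry): one benign LSASS open, one
# memory read by an unexpected image, one LSASS .dmp written, one unrelated file.
SAMPLE_LOG = """\
EventID=10 SourceImage=C:\\Windows\\System32\\svchost.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1000
EventID=10 SourceImage=C:\\Users\\bob\\python.exe TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1010
EventID=11 Image=C:\\Windows\\System32\\taskmgr.exe TargetFilename=C:\\Users\\bob\\lsass.DMP
EventID=11 Image=C:\\Windows\\notepad.exe TargetFilename=C:\\Users\\bob\\notes.txt
"""
```

`scan(SAMPLE_LOG.splitlines())` returns exactly two findings, the python.exe memory read and the lsass.DMP write; the svchost.exe open lacks PROCESS_VM_READ and is not reported.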
Registry processing
Parses the registry hives to obtain stored credentials, like NT and LM hashes, domain cached credentials (DCC/DCC2) and LSA secrets.
Currently supported data sources:

  1. live - has two techniques to parse the live registry. The first is in-memory and doesn't touch disk; the second dumps the hives and parses them with the offline parser
  2. offline (hive files)
  3. your project here. Seriously, it's super simple to integrate.
DPAPI functions - MASTERKEY/BLOB/VAULT/CREDENTIAL
DPAPI is the protector of local secrets of many kinds. Currently the project supports decrypting masterkeys, DPAPI blobs, credential files and vault files.
The results are not 100% correct, as there is not much documentation on most of these things. PRs are always welcome!
Currently supported data sources:

  1. live - obtains masterkeys directly from LSASS -OR- the user/machine keys from the live registry and decrypts the masterkey file.
  2. hive files (offline) - uses the user/machine keys from the registry and decrypts the masterkey file
  3. valid credentials (offline) - can decrypt masterkey files by letting you type in the correct SID and password.
  4. please don't integrate this part into your project, it's beta