Hi @alwashali
I've made a simple PowerShell script to simulate usage of Mimikatz.
It is based on a list of strings that mimic command lines related to that tool (direct or base64 encoded).
Here is the script:
```powershell
# Define a list of strings
$strings = @(
    "a2vyymvyb3m6omxpc3qgl2v4cg9yda==",
    "bhnhzhvtcdo6c2ft",
    "bhnhzhvtcdo6c2vjcmv0cw==",
    "bhnhzhvtcdo6y2fjagu=",
    "bwlzyzo6c2njbq==",
    "c2vrdxjsc2e6omxvz29ucgfzc3dvcmrz",
    "chjpdmlszwdlojpkzwj1zw==",
    "chjpdmlszwdlojpkzwj1zyxzzwt1cmxzyto6bg9nb25wyxnzd29yzhm=",
    "crypto::",
    "dg9rzw46omvszxzhdgu=",
    "dg9rzw46onjldmvyda==",
    "dhm6omxvz29ucgfzc3dvcmrz",
    "dmf1bhq6omnyzwq=",
    "dmf1bhq6omxpc3q=",
    "kcq2pa06qpxv86au",
    "kerberos::",
    "lsadump::",
    "misc::sccm",
    "privilege::",
    "privilege::debug,sekurlsa::logonpasswords",
    "sekurlsa::",
    "token::",
    "ts::logonpasswords",
    "ts::mstsc",
    "vault::",
    "y0hkcgrtbhnav2rst2pwa1pxsjfaexh6wld0mwntehpzvg82ykc5bmiynxdzwe56zdi5evpitt0",
    "y0hkcgrtbhnav2rst2pwa1pxsjfaexh6wld0mwntehpzvg82ykc5bmiynxdzwe56zdi5evpitt0=",
    "y3j5chrvojpjbmc=",
    "y3j5chrvojpjyxbp",
    "y3j5chrvojpjzxj0awzpy2f0zxmgl2v4cg9yda==",
    "y3j5chrvojprzxlzic9lehbvcnq=",
    "y3j5chrvojprzxlzic9tywnoaw5lic9lehbvcnq=",
    "yldsell6bzzjmk5qyle9pq==",
    "zehnnk9tehzamjl1y0dgemmzzhzjbvj6"
)

# Path to the mcli binary that launches each test command
$mcli = "C:\tools\Detection-Validation\mcli.exe"

# Loop through the list of strings and execute the command for each string
foreach ($string in $strings) {
    Write-Host "Executing: $mcli execute --parent cutecat.exe --command $string"
    # Execute the command. The call operator passes $string as one argument;
    # Invoke-Expression would re-parse it and split entries containing a comma.
    & $mcli execute --parent cutecat.exe --command $string
    # Add a delay if needed between command executions
    Start-Sleep -Seconds 1
}
```
Is that something you want to see implemented on that repository? If yes, where (Wiki, README.md, dedicated .md file)?
If you prefer, I can also create a separate repository that will redirect to yours.
Let me know 😉
Regards,
WikiJM
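
A detection-side counterpart to the script above, added here as an example that is not part of the original post or of the repository: it checks constructed command lines against a subset of the listed strings with a case-insensitive substring match, and shows that the list entry `c2vrdxjsc2e6omxvz29ucgfzc3dvcmrz` is the lowercased Base64 of `sekurlsa::logonpasswords`. The function names `ConvertTo-LowerBase64` and `Get-IndicatorMatch` and the sample command lines are assumptions made for illustration.

```powershell
# Added example. Indicator subset copied from the list in the script above.
$indicators = @(
    'sekurlsa::',
    'privilege::',
    'lsadump::',
    'c2vrdxjsc2e6omxvz29ucgfzc3dvcmrz'
)

function ConvertTo-LowerBase64 {
    # Hypothetical helper: UTF-8 Base64 of a string, lowercased like the list entries.
    param([Parameter(Mandatory)][string]$Text)
    $bytes = [System.Text.Encoding]::UTF8.GetBytes($Text)
    return [System.Convert]::ToBase64String($bytes).ToLowerInvariant()
}

function Get-IndicatorMatch {
    # Hypothetical helper: emits every indicator found in the command line, ignoring case.
    param(
        [Parameter(Mandatory)][string]$CommandLine,
        [Parameter(Mandatory)][string[]]$Indicator
    )
    foreach ($i in $Indicator) {
        if ($CommandLine.IndexOf($i, [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $i
        }
    }
}

# Constructed sample command lines (not captured from a real host)
$samples = @(
    'example.exe c2vrdxjsc2e6omxvz29ucgfzc3dvcmrz',   # lowercase form, as in the list
    'example.exe c2VrdXJsc2E6OmxvZ29ucGFzc3dvcmRz',   # same Base64 in its original case
    'example.exe "Privilege::Debug" "SEKURLSA::LogonPasswords"',
    'ping.exe 127.0.0.1'                              # benign control, must not match
)

foreach ($s in $samples) {
    $hits = @(Get-IndicatorMatch -CommandLine $s -Indicator $indicators)
    [pscustomobject]@{
        CommandLine = $s
        Matched     = ($hits -join ', ')
        Detected    = ($hits.Count -gt 0)
    }
}

# Relates the encoded list entry to its plain-text form
ConvertTo-LowerBase64 -Text 'sekurlsa::logonpasswords'
```

A case-sensitive match would miss the second and third samples, which is why a rule validated with the lowercase list should compare without regard to case.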