bhdresh/lazykatz bhdresh/lazykatz

  • Stars
    star
    197
  • Rank 196,562 (Top 4 %)
  • Language
    C#
  • Created over 7 years ago
  • Updated almost 7 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
bhdresh/lazykatz
github

bhdresh

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Lazykatz is an automation developed to extract credentials from remote targets protected with AV and/or application whitelisting software.

lazykatz v4.0

Release note:

  • Included functionality to extract certificates from remote targets
  • Updated compile command to reduce AV flags

alt tag

lazykatz v3.0

Release note:

  • Included wmic for remote login
  • Introduced event logging

lazykatz v2.0

New version will perform the attack in a background so that tool user could work on other window without being forced to wait until attack finish.

  • Removed keystroke automation.
  • New approach; single line mimikatz argument is used
  • Successfully bypassed various/almost all AV and whitelisting applications

Future release:

  • Include wmiexec for remote login

lazykatz v1.0

Lazykatz is an automation developed to extract credentials from remote targets protected with AV and/or application whitelisting software.

During an internal assessment, I came across a situation where I was unable to execute Mimikatz (plain, crypted, powershell, etc.) on target machines due to the AntiVirus + Application whitelisting software installed on them.

However, I was able to bypass these restrictions using @subtee (https://github.com/subTee/Utils/blob/master/katz.cs) method but for that I had to perform this attack on all the hosts manually which would take forever with ~1500 machines.

To overcome this, I developed a keystroke automation tool - Lazykatz which would perform this attack automatically on all provided hosts.

Usage

  1. Prepare a list of targets

  2. Run lazykatz.exe

  3. Enter remote admin credentials and select the file having list of targets

  4. Click start

Credits

@subtee, @autoIt, @bhdresh

Disclaimer

This program is for Educational purpose ONLY. Do not use it without permission. The usual disclaimer applies, especially the fact that me (bhdresh) is not liable for any damages caused by direct or indirect use of the information or functionality provided by these programs. The author or any Internet provider bears NO responsibility for content or misuse of these programs or any derivatives thereof. By using this program you accept the fact that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these programs is not bhdresh's responsibility.

Finally, this is a personal development, please respect its philosophy and don't use it for bad things!

Licence

CC BY 4.0 licence - https://creativecommons.org/licenses/by/4.0/

Bug, issues, feature requests

Obviously, I am not a fulltime developer so expect some hiccups

Please report bugs, issues, feature requests through https://github.com/bhdresh/lazykatz/issues

More Repositories

1

CVE-2017-0199

Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Python
704
star
2

Dejavu

DejaVU - Open Source Deception Framework
PHP
367
star
3

CVE-2017-8759

Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
Python
317
star
4

SocialEngineeringPayloads

This is a collection of social engineering tricks and payloads being used for credential theft and spear phishing attacks.
CSS
299
star
5

Whatsapp-IP-leak

Leak the IP address and Geolocation of target whatsapp user
94
star
6

CVE-2021-33766

ProxyToken (CVE-2021-33766) : An Authentication Bypass in Microsoft Exchange Server POC exploit
Shell
43
star
7

SnortRules

This is an open source Snort rules repository
25
star
8

CVE-2018-11776

Vulnerable docker container for CVE-2018-11776
10
star
9

taskhash

This tool is developed to assist forensic investigators and auditors to remotely collect the md5sum of running processes on the target windows machine.
AutoIt
6
star
10

ProbesPlotter

ProbesPlotter is a passive WiFi surveillance tool developed to plot the WiFi probe requests from different devices using directed-graph.
3
star