Migrate Mimikatz credentials collector to a plugin #3168

@mssalvatore

Description

Migrate the Mimikatz credentials collector to a plugin. #3167

Tasks

  • Define config-schema.json, manifest, and options (0d) @ilija-lazoroski @ordabach
  • Create pipfile for dependencies (0d) @ilija-lazoroski @ordabach
  • Add a Jenkins job to build the plugin (0d) @ilija-lazoroski @ordabach
    • Update the island build jobs on Jenkins to copy the artifacts from the Mimikatz plugin build job
  • Add a build script for building plugins on Windows. Modify the mimikatz Jenkins job as necessary. (0d) @ilija-lazoroski, @shreyamalviya
  • Convert the existing mimikatz collector to a plugin (0d) @mssalvatore
    • Update ETE test configuration
    • Reimplement unit tests
  • Remove the hard-coded mimikatz credentials collector plugin (0d) @mssalvatore
  • Fix wmi_mimikatz and depth_1 smb mimikatz tests (see below) (0d) - @shreyamalviya
    • Remove wmi_mimikatz test
    • Modify depth_1_a to call the stolen credentials endpoint and assert that expected credentials were stolen
  • Remove vulture entries
  • Fix logging (leaking credentials) (0d) @ilija-lazoroski

Broken tests

This test is supposed to test that credentials are collected from mimikatz 14 and used to access mimikatz 15. It should be a depth 2 test and shouldn't include valid credentials for mimikatz 15 in the configuration.

Also check the depth_1_a test, as this has comments about mimikatz password stealing. I'm not sure how this can be properly tested with a depth 1 test.
