This repository contains two externally produced pieces of software that are classified as penetration-testing (security testing) tools:
- Mimikatz
- PowerView
Generally speaking, Mimikatz has many features, primarily revolving around extracting, manipulating, and using Windows credentials. It can do this in several ways. The most common is reading and decrypting credential material from the memory of the Windows Local Security Authority Subsystem Service, lsass.exe, which holds the secrets of every logged-on session. This lets it recover plaintext passwords from a live Windows system, whereas most other credential-access methods only recover password hashes (which are still extremely useful, e.g. for pass-the-hash). Whether plaintext is actually recoverable depends on the host: the WDigest provider must be caching logon credentials (the default before Windows 8.1 / Server 2012 R2, off by default since), LSA Protection (RunAsPPL) stops unsigned code such as Mimikatz from opening lsass.exe at all, and Credential Guard moves NTLM hashes and Kerberos keys out of lsass.exe entirely. Mimikatz is open source; its methods, as well as detection and mitigation mechanisms for them, have been presented publicly, and it has also been incorporated into the Metasploit Framework.
This repository contains Mimikatz in two forms: 32- and 64-bit compiled DLLs, and a PowerShell wrapper script (invoke-mimi-ps1). These have been base64 encoded and are stored in Python source files:
- caldera\caldera\files\mimi32-dll
- caldera\caldera\files\mimi64-dll
- caldera\caldera\invoke-mimi-ps1
CALDERA uses Mimikatz to extract and decrypt Windows credentials from the memory of the lsass.exe process.
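Before running Mimikatz against a host (or when deciding how to harden one), the three settings mentioned above decide how much it can recover from lsass.exe. The following PowerShell function is an added example written for this page, not CALDERA's or Mimikatz's own code; it reads those settings on the local host and reports them. It assumes an elevated PowerShell session on the Windows host being assessed; the function name `Get-LsassCredentialExposure` and the output field names are the example's own.

```powershell
# Added example (not part of CALDERA or Mimikatz): report the host settings that
# decide what Mimikatz can recover from lsass.exe. Run from an elevated PowerShell
# session on the Windows host being assessed.
function Get-LsassCredentialExposure {
    [CmdletBinding()]
    param()

    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # UseLogonCredential = 1 makes WDigest keep plaintext passwords in LSASS memory.
    # On Windows 8.1 / Server 2012 R2 and later an absent value means 0 (no plaintext);
    # on older systems with KB2871997 the value must be explicitly set to 0 to turn caching off.
    $useLogonCred = (Get-ItemProperty -Path $wdigestKey -Name UseLogonCredential -ErrorAction SilentlyContinue).UseLogonCredential

    # RunAsPPL = 1 (or 2 on newer builds) runs LSASS as a Protected Process Light, so
    # unsigned code such as Mimikatz cannot open the process with read access.
    $runAsPpl = (Get-ItemProperty -Path $lsaKey -Name RunAsPPL -ErrorAction SilentlyContinue).RunAsPPL

    # Win32_DeviceGuard.SecurityServicesRunning contains 1 when Credential Guard is running;
    # Credential Guard isolates NTLM hashes and Kerberos keys in LSAIso, outside lsass.exe.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $credGuardRunning = [bool]($dg -and ($dg.SecurityServicesRunning -contains 1))

    $wdigestDisplay = if ($null -eq $useLogonCred) { 'not set (OS default)' } else { $useLogonCred }
    $runAsPplValue  = if ($null -eq $runAsPpl) { 0 } else { $runAsPpl }

    [pscustomobject]@{
        ComputerName              = $env:COMPUTERNAME
        WDigestUseLogonCredential = $wdigestDisplay
        PlaintextInLsass          = ($useLogonCred -eq 1)
        LsaRunAsPPL               = $runAsPplValue
        LsaProtectionEnabled      = ($runAsPplValue -ge 1)
        CredentialGuardRunning    = $credGuardRunning
    }
}

Get-LsassCredentialExposure | Format-List
```

A host with `PlaintextInLsass` true and both protections false is the case the paragraph above describes: Mimikatz run with local administrator (SeDebugPrivilege) can read plaintext passwords from lsass.exe. With `LsaProtectionEnabled` true the process cannot be opened without first loading a signed driver to remove the protection; with `CredentialGuardRunning` true only the non-isolated remnants are recoverable even when the process is readable.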
PowerView is a PowerShell script used for network and domain enumeration. It is open source software contained within the PowerSploit framework. PowerView uses the Active Directory Service Interfaces (ADSI) and LDAP to query the domain's Active Directory domain controllers for information about the domain. By default most of this information is readable by any authenticated domain user, so the enumeration needs neither administrative privileges nor any agent on the hosts being enumerated.
This repository contains PowerView:
- caldera\caldera\files\powerview-ps1
CALDERA uses PowerView to query Active Directory. It collects the host and domain names of the computers in the domain, user account names, administrator account names, and the name of the Windows domain itself.
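To show what the ADSI/LDAP queries behind that enumeration look like, the following PowerShell is an added example written for this page, not CALDERA's or PowerView's own code. It gathers the same four facts listed above directly through System.DirectoryServices, without importing PowerView. It assumes it runs as an ordinary domain user on a domain-joined host that can reach a domain controller; the function names `Invoke-LdapQuery`, `ConvertTo-LdapFilterValue` and `Get-DomainSummary` are the example's own, and "administrator account names" is interpreted here as the members of the Domain Admins group, nested groups included.

```powershell
# Added example (not CALDERA's or PowerView's code): gather the computers, users,
# Domain Admins and domain name of the current domain using ADSI/LDAP directly.
# Assumes a domain-joined host and a domain user that can bind to a domain controller.

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping for a value embedded in an LDAP filter (backslash first).
    $Value -replace '\\','\5c' -replace '\(','\28' -replace '\)','\29' -replace '\*','\2a' -replace "`0",'\00'
}

function Invoke-LdapQuery {
    param(
        [Parameter(Mandatory)][string]$SearchBase,    # LDAP path, e.g. LDAP://DC=corp,DC=example,DC=com
        [Parameter(Mandatory)][string]$Filter,        # RFC 4515 LDAP filter
        [string[]]$Properties = @('samaccountname')   # attributes to load for each result
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]$SearchBase
    $searcher.Filter = $Filter
    $searcher.PageSize = 1000   # paged search, so large domains are not cut off at the server's 1000-entry limit
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }
    $searcher.FindAll()
}

function Get-DomainSummary {
    $domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $rootDse = [ADSI]'LDAP://RootDSE'
    $baseDn  = [string]$rootDse.Properties['defaultNamingContext'][0]
    $base    = "LDAP://$baseDn"

    # Computers: NetBIOS name and DNS host name. Result property names are lower-case keys.
    $computers = Invoke-LdapQuery -SearchBase $base -Filter '(objectCategory=computer)' -Properties 'name','dnshostname' |
        ForEach-Object {
            [pscustomobject]@{
                Name        = [string]$_.Properties['name'][0]
                DnsHostName = [string]$_.Properties['dnshostname'][0]
            }
        }

    # Enabled user accounts: userAccountControl bit 0x2 is ACCOUNTDISABLE, tested with
    # the LDAP_MATCHING_RULE_BIT_AND rule (1.2.840.113556.1.4.803).
    $userFilter = '(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
    $users = Invoke-LdapQuery -SearchBase $base -Filter $userFilter -Properties 'samaccountname' |
        ForEach-Object { [string]$_.Properties['samaccountname'][0] }

    # Domain Admins including nested group members: look up the group's DN, then use
    # LDAP_MATCHING_RULE_IN_CHAIN (1.2.840.113556.1.4.1941) on memberOf.
    $daGroup = Invoke-LdapQuery -SearchBase $base -Filter '(&(objectCategory=group)(sAMAccountName=Domain Admins))' -Properties 'distinguishedname' |
        Select-Object -First 1
    if (-not $daGroup) { throw "Domain Admins group not found under $baseDn" }
    $daDn   = ConvertTo-LdapFilterValue ([string]$daGroup.Properties['distinguishedname'][0])
    $admins = Invoke-LdapQuery -SearchBase $base -Filter "(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=$daDn))" -Properties 'samaccountname' |
        ForEach-Object { [string]$_.Properties['samaccountname'][0] }

    [pscustomobject]@{
        DomainName   = $domain.Name
        Computers    = $computers
        Users        = $users
        DomainAdmins = $admins
    }
}

Get-DomainSummary | Format-List
```

Each call produces one LDAP search against a domain controller, which is what a defender sees: PowerView-style enumeration leaves no trace on the enumerated hosts, only LDAP traffic to the domain controllers, so detection has to look there (for example at the volume and shape of LDAP queries from a single workstation) rather than at the endpoints being listed.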