[new] internal ntlm module

[new] PFX for client certificate
gentilkiwi · Jul 23, 2021 · de98fa6 · de98fa6
1 parent 8326af8
commit de98fa6
Show file tree

Hide file tree

Showing 77 changed files with 2,300 additions and 1,643 deletions.
diff --git a/inc/globals.h b/inc/globals.h
@@ -1,5 +1,5 @@
 /*	Benjamin DELPY `gentilkiwi`
-	http://blog.gentilkiwi.com
+	https://blog.gentilkiwi.com
 	[email protected]
 	Licence : https://creativecommons.org/licenses/by/4.0/
 */

diff --git a/kekeo.sln b/kekeo.sln
@@ -1,6 +1,6 @@
 
-Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual Studio 2010
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2012
 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "kekeo", "kekeo\kekeo.vcxproj", "{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "global files", "global files", "{7BC63A9D-AA3E-471E-9AF2-90815A59FDF7}"
@@ -67,6 +67,8 @@ Global
 		Release|x64 = Release|x64
 		Second_Release_PowerShell|Win32 = Second_Release_PowerShell|Win32
 		Second_Release_PowerShell|x64 = Second_Release_PowerShell|x64
+		Simple_DLL|Win32 = Simple_DLL|Win32
+		Simple_DLL|x64 = Simple_DLL|x64
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Release|Win32.ActiveCfg = Release|Win32
@@ -77,6 +79,10 @@ Global
 		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Second_Release_PowerShell|Win32.Build.0 = Second_Release_PowerShell|Win32
 		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Second_Release_PowerShell|x64.ActiveCfg = Second_Release_PowerShell|x64
 		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Second_Release_PowerShell|x64.Build.0 = Second_Release_PowerShell|x64
+		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Simple_DLL|Win32.ActiveCfg = Simple_DLL|Win32
+		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Simple_DLL|Win32.Build.0 = Simple_DLL|Win32
+		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Simple_DLL|x64.ActiveCfg = Simple_DLL|x64
+		{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}.Simple_DLL|x64.Build.0 = Simple_DLL|x64
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE

diff --git a/kekeo/kekeo.c b/kekeo/kekeo.c
@@ -1,5 +1,5 @@
 /*	Benjamin DELPY `gentilkiwi`
-	http://blog.gentilkiwi.com
+	https://blog.gentilkiwi.com
 	[email protected]
 	Licence : https://creativecommons.org/licenses/by/4.0/
 */
@@ -22,29 +22,18 @@ int wmain(int argc, wchar_t * argv[])
 {
 	NTSTATUS status = STATUS_SUCCESS;
 	int i;
-#ifndef _WINDLL
+#if !defined(_POWERKATZ)
 	size_t len;
 	wchar_t input[0xffff];
-	kull_m_output_init();
-	SetConsoleTitle(MIMIKATZ L" " MIMIKATZ_VERSION L" " MIMIKATZ_ARCH L" (oe.eo)");
-	SetConsoleCtrlHandler(HandlerRoutine, TRUE);
 #endif
-	kprintf(L"\n"
-		L"  ___ _    " MIMIKATZ_FULL L"\n"
-		L" /   ('>-  " MIMIKATZ_SECOND L"\n"
-		L" | K  |    /* * *\n"
-		L" \\____/     Benjamin DELPY `gentilkiwi` ( [email protected] )\n"
-		L"  L\\_       http://blog.gentilkiwi.com/kekeo                (oe.eo)\n"
-		L"            " MIMIKATZ_SPECIAL L" with %2u modules * * */\n", ARRAYSIZE(mimikatz_modules));
-
-	mimikatz_initOrClean(TRUE);
+	mimikatz_begin();
 	for(i = MIMIKATZ_AUTO_COMMAND_START ; (i < argc) && (status != STATUS_FATAL_APP_EXIT) ; i++)
 	{
 		kprintf(L"\n" MIMIKATZ L"(" MIMIKATZ_AUTO_COMMAND_STRING L") # %s\n", argv[i]);
 		status = mimikatz_dispatchCommand(argv[i]);
 	}
-#ifndef _WINDLL
-	while (status != STATUS_FATAL_APP_EXIT)
+#if !defined(_POWERKATZ)
+	while ((status != STATUS_PROCESS_IS_TERMINATING) && (status != STATUS_THREAD_IS_TERMINATING))
 	{
 		kprintf(L"\n" MIMIKATZ L" # "); fflush(stdin);
 		if(fgetws(input, ARRAYSIZE(input), stdin) && (len = wcslen(input)) && (input[0] != L'\n'))
@@ -56,12 +45,39 @@ int wmain(int argc, wchar_t * argv[])
 		}
 	}
 #endif
+	mimikatz_end(status);
+	return STATUS_SUCCESS;
+}
+
+void mimikatz_begin()
+{
+	kull_m_output_init();
+#if !defined(_POWERKATZ)
+	SetConsoleTitle(MIMIKATZ L" " MIMIKATZ_VERSION L" " MIMIKATZ_ARCH L" (oe.eo)");
+	SetConsoleCtrlHandler(HandlerRoutine, TRUE);
+#endif
+	kprintf(L"\n"
+		L"  ___ _    " MIMIKATZ_FULL L"\n"
+		L" /   ('>-  " MIMIKATZ_SECOND L"\n"
+		L" | K  |    /* * *\n"
+		L" \\____/     Benjamin DELPY `gentilkiwi` ( [email protected] )\n"
+		L"  L\\_       https://blog.gentilkiwi.com/kekeo                (oe.eo)\n"
+		L"            " MIMIKATZ_SPECIAL L" with %2u modules * * */\n", ARRAYSIZE(mimikatz_modules));
+	mimikatz_initOrClean(TRUE);
+}
+
+void mimikatz_end(NTSTATUS status)
+{
 	mimikatz_initOrClean(FALSE);
-#ifndef _WINDLL
+#if !defined(_POWERKATZ)
 	SetConsoleCtrlHandler(HandlerRoutine, FALSE);
+#endif
 	kull_m_output_clean();
+#if !defined(_WINDLL)
+	if(status == STATUS_THREAD_IS_TERMINATING)
+		ExitThread(STATUS_SUCCESS);
+	else ExitProcess(STATUS_SUCCESS);
 #endif
-	return STATUS_SUCCESS;
 }
 
 BOOL WINAPI HandlerRoutine(DWORD dwCtrlType)
@@ -200,7 +216,7 @@ NTSTATUS mimikatz_doLocal(wchar_t * input)
 	return status;
 }
 
-#ifdef _WINDLL
+#if defined(_POWERKATZ)
 __declspec(dllexport) wchar_t * powershell_reflective_kekeo(LPCWSTR input)
 {
 	int argc = 0;
@@ -216,4 +232,29 @@ __declspec(dllexport) wchar_t * powershell_reflective_kekeo(LPCWSTR input)
 	}
 	return outputBuffer;
 }
+#endif
+
+#if defined(_WINDLL)
+void CALLBACK kekeo_dll(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow)
+{
+	int argc = 0;
+	wchar_t ** argv;
+
+	AllocConsole();
+#pragma warning(push)
+#pragma warning(disable:4996)
+	freopen("CONOUT$", "w", stdout);
+	freopen("CONOUT$", "w", stderr);
+	freopen("CONIN$", "r", stdin);
+#pragma warning(pop)
+	if(lpszCmdLine && lstrlenW(lpszCmdLine))
+	{
+		if(argv = CommandLineToArgvW(lpszCmdLine, &argc))
+		{
+			wmain(argc, argv);
+			LocalFree(argv);
+		}
+	}
+	else wmain(0, NULL);
+}
 #endif
diff --git a/kekeo/kekeo.h b/kekeo/kekeo.h
@@ -1,32 +1,45 @@
-/*	Benjamin DELPY `gentilkiwi`
-	http://blog.gentilkiwi.com
-	[email protected]
-	Licence : https://creativecommons.org/licenses/by/4.0/
-*/
-#pragma once
-
-#include "globals.h"
-#include "modules/kuhl_m_standard.h"
-#include "modules/kuhl_m_tgt.h"
-#include "modules/kuhl_m_tgs.h"
-#include "modules/kuhl_m_exploit.h"
-#include "modules/kuhl_m_misc.h"
-#include "modules/kerberos/kuhl_m_kerberos.h"
-#include "modules/kuhl_m_smb.h"
-#include "modules/kuhl_m_ntlm.h"
-#include "modules/kuhl_m_tsssp.h"
-#include "modules/kuhl_m_server.h"
-
-#include "../modules/kull_m_file.h"
-#include "../modules/asn1/kull_m_kerberos_asn1.h"
-
-extern VOID WINAPI RtlGetNtVersionNumbers(LPDWORD pMajor, LPDWORD pMinor, LPDWORD pBuild);
-
-int wmain(int argc, wchar_t * argv[]);
-
-BOOL WINAPI HandlerRoutine(DWORD dwCtrlType);
-
-NTSTATUS mimikatz_initOrClean(BOOL Init);
-
-NTSTATUS mimikatz_doLocal(wchar_t * input);
-NTSTATUS mimikatz_dispatchCommand(wchar_t * input);
+/*	Benjamin DELPY `gentilkiwi`
+	https://blog.gentilkiwi.com
+	[email protected]
+	Licence : https://creativecommons.org/licenses/by/4.0/
+*/
+#pragma once
+
+#include "globals.h"
+#include "modules/kuhl_m_standard.h"
+#include "modules/kuhl_m_tgt.h"
+#include "modules/kuhl_m_tgs.h"
+#include "modules/kuhl_m_exploit.h"
+#include "modules/kuhl_m_misc.h"
+#include "modules/kerberos/kuhl_m_kerberos.h"
+#include "modules/kuhl_m_smb.h"
+#include "modules/kuhl_m_ntlm.h"
+#include "modules/kuhl_m_tsssp.h"
+#include "modules/kuhl_m_server.h"
+
+#include "../modules/kull_m_file.h"
+#include "../modules/asn1/kull_m_kerberos_asn1.h"
+
+extern VOID WINAPI RtlGetNtVersionNumbers(LPDWORD pMajor, LPDWORD pMinor, LPDWORD pBuild);
+
+int wmain(int argc, wchar_t * argv[]);
+void mimikatz_begin();
+void mimikatz_end(NTSTATUS status);
+
+BOOL WINAPI HandlerRoutine(DWORD dwCtrlType);
+
+NTSTATUS mimikatz_initOrClean(BOOL Init);
+
+NTSTATUS mimikatz_doLocal(wchar_t * input);
+NTSTATUS mimikatz_dispatchCommand(wchar_t * input);
+
+#if defined(_POWERKATZ)
+__declspec(dllexport) wchar_t * powershell_reflective_kekeo(LPCWSTR input);
+#elif defined(_WINDLL)
+void CALLBACK kekeo_dll(HWND hwnd, HINSTANCE hinst, LPWSTR lpszCmdLine, int nCmdShow);
+#if defined(_M_X64) || defined(_M_ARM64)
+#pragma comment(linker, "/export:mainW=kekeo_dll")
+#elif defined(_M_IX86)
+#pragma comment(linker, "/export:mainW=_kekeo_dll@16")
+#endif
+#endif
diff --git a/kekeo/kekeo.rc b/kekeo/kekeo.rc
@@ -21,7 +21,7 @@ BLOCK "StringFileInfo"
 			VALUE "FileDescription", "kekeo for Windows"
 			VALUE "FileVersion", "2.2.0.0"
 			VALUE "InternalName", "kekeo"
-			VALUE "LegalCopyright", "Copyright (c) 2014 - 2019 gentilkiwi (Benjamin DELPY)"
+			VALUE "LegalCopyright", "Copyright (c) 2014 - 2021 gentilkiwi (Benjamin DELPY)"
 			VALUE "OriginalFilename", "kekeo.exe"
 			VALUE "PrivateBuild", "Build with love for POC only"
 			VALUE "SpecialBuild", ":)"

diff --git a/kekeo/kekeo.vcxproj b/kekeo/kekeo.vcxproj
@@ -17,6 +17,14 @@
       <Configuration>Second_Release_PowerShell</Configuration>
       <Platform>x64</Platform>
     </ProjectConfiguration>
+    <ProjectConfiguration Include="Simple_DLL|Win32">
+      <Configuration>Simple_DLL</Configuration>
+      <Platform>Win32</Platform>
+    </ProjectConfiguration>
+    <ProjectConfiguration Include="Simple_DLL|x64">
+      <Configuration>Simple_DLL</Configuration>
+      <Platform>x64</Platform>
+    </ProjectConfiguration>
   </ItemGroup>
   <PropertyGroup Label="Globals">
     <ProjectGuid>{E6F0D274-D280-4E1D-B11A-D47D63DDDE8E}</ProjectGuid>
@@ -26,11 +34,12 @@
     <SccAuxPath>Svn</SccAuxPath>
     <SccLocalPath>Svn</SccLocalPath>
     <SccProvider>SubversionScc</SccProvider>
+    <WindowsTargetPlatformVersion>10.0</WindowsTargetPlatformVersion>
   </PropertyGroup>
   <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
   <PropertyGroup Label="Configuration">
-    <ConfigurationType Condition="'$(Configuration)' != 'Second_Release_PowerShell'">Application</ConfigurationType>
-    <ConfigurationType Condition="'$(Configuration)' == 'Second_Release_PowerShell'">DynamicLibrary</ConfigurationType>
+    <ConfigurationType>Application</ConfigurationType>
+    <ConfigurationType Condition="('$(Configuration)' == 'Second_Release_PowerShell') Or ('$(Configuration)' == 'Simple_DLL')">DynamicLibrary</ConfigurationType>
     <UseDebugLibraries>false</UseDebugLibraries>
     <WholeProgramOptimization>true</WholeProgramOptimization>
     <CharacterSet>Unicode</CharacterSet>
@@ -62,7 +71,7 @@
       <FunctionLevelLinking>true</FunctionLevelLinking>
       <IntrinsicFunctions>false</IntrinsicFunctions>
       <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <TreatWarningAsError>true</TreatWarningAsError>
+      <PreprocessorDefinitions Condition="'$(Configuration)' == 'Second_Release_PowerShell'">_POWERKATZ;%(PreprocessorDefinitions)</PreprocessorDefinitions>
       <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
       <FavorSizeOrSpeed>Size</FavorSizeOrSpeed>
       <OmitFramePointers>true</OmitFramePointers>
@@ -73,6 +82,7 @@
       <FloatingPointExceptions>false</FloatingPointExceptions>
       <CreateHotpatchableImage>false</CreateHotpatchableImage>
       <ErrorReporting>None</ErrorReporting>
+      <TreatWarningAsError>true</TreatWarningAsError>
       <StructMemberAlignment Condition="'$(Platform)' == 'Win32'">4Bytes</StructMemberAlignment>
       <StructMemberAlignment Condition="'$(Platform)' == 'x64'">8Bytes</StructMemberAlignment>
     </ClCompile>
@@ -100,6 +110,7 @@
     <ClCompile Include="..\modules\kull_m_file.c" />
     <ClCompile Include="..\modules\kull_m_memory.c" />
     <ClCompile Include="..\modules\kull_m_net.c" />
+    <ClCompile Include="..\modules\kull_m_ntlm.c" />
     <ClCompile Include="..\modules\kull_m_output.c" />
     <ClCompile Include="..\modules\kull_m_pipe.c" />
     <ClCompile Include="..\modules\kull_m_sock.c" />
@@ -136,6 +147,7 @@
     <ClInclude Include="..\modules\kull_m_file.h" />
     <ClInclude Include="..\modules\kull_m_memory.h" />
     <ClInclude Include="..\modules\kull_m_net.h" />
+    <ClInclude Include="..\modules\kull_m_ntlm.h" />
     <ClInclude Include="..\modules\kull_m_output.h" />
     <ClInclude Include="..\modules\kull_m_pipe.h" />
     <ClInclude Include="..\modules\kull_m_samlib.h" />
@@ -164,10 +176,11 @@
     <ClInclude Include="modules\kuhl_m_standard.h" />
     <ClInclude Include="modules\kuhl_m_tsssp.h" />
   </ItemGroup>
-  <ItemGroup Condition="'$(Configuration)' != 'Second_Release_PowerShell'">
+  <ItemGroup Condition="'$(ConfigurationType)' == 'Application'">
     <ResourceCompile Include="kekeo.rc" />
+    <None Include="kekeo.ico" />
   </ItemGroup>
-  <ItemGroup Condition="'$(Configuration)' != 'Second_Release_PowerShell'">
+  <ItemGroup>
     <None Include="..\modules\asn1\kekeo.a1sproj" />
     <None Include="..\modules\asn1\KerberosV5-PK-INIT-SPEC.asn" />
     <None Include="..\modules\asn1\KerberosV5Spec2.asn" />
@@ -176,9 +189,7 @@
     <None Include="..\modules\asn1\PKIX1Explicit88.asn" />
     <None Include="..\modules\asn1\CredSSP.asn" />
     <None Include="..\modules\asn1\SPNEGO.asn" />
-    <None Include="kekeo.ico" />
-  </ItemGroup>
-  <ItemGroup>
     <None Include="..\modules\asn1\GSSAPI.asn" />
+    <None Include="..\modules\asn1\ldapv3.asn" />
   </ItemGroup>
 </Project>
diff --git a/kekeo/kekeo.vcxproj.filters b/kekeo/kekeo.vcxproj.filters
@@ -118,6 +118,9 @@
     <ClCompile Include="..\modules\kull_m_memory.c">
       <Filter>common modules</Filter>
     </ClCompile>
+    <ClCompile Include="..\modules\kull_m_ntlm.c">
+      <Filter>common modules</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="kekeo.h" />
@@ -226,6 +229,9 @@
     <ClInclude Include="..\modules\kull_m_memory.h">
       <Filter>common modules</Filter>
     </ClInclude>
+    <ClInclude Include="..\modules\kull_m_ntlm.h">
+      <Filter>common modules</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ResourceCompile Include="kekeo.rc" />
@@ -259,5 +265,8 @@
     <None Include="..\modules\asn1\GSSAPI.asn">
       <Filter>common modules\asn1</Filter>
     </None>
+    <None Include="..\modules\asn1\ldapv3.asn">
+      <Filter>common modules\asn1</Filter>
+    </None>
   </ItemGroup>
 </Project>