This repository contains all of the scripts and source code for "Where 2 Worlds Collide: Bringing Mimikatz et al to UNIX". In addition to the main linikatz.sh script, this also includes auditd policies, John the Ripper rules, Metasploit post-exploitation modules and fuzzers. The research behind this has now been incorporated into ATT&CK for Enterprise: T1558. More will follow in due course.
More details can be found at Portcullis Labs: https://labs.portcullis.co.uk/presentations/where-2-worlds-collide-bringing-mimikatz-et-al-to-unix/
For any queries about the contents of this repository please contact Security Advisory EMEAR.
To use the linikatz tool:
./linikatz.sh
For other components, please read the manual.
8672d46e879f704b4b41a401c1a0aae5e6365f18a798a1fbaa4b1a8e711db34b linikatz.sh.00a366f266662ccdc09b394307f54bc1c664fa84
e69a6f8e45f8dd8ee977b6aed73cac25537c39f6fb74cf9cc225f2af1d9e4cd7 linikatz.sh.f7e55a4c1f8e028912c34481818181cccef54c08
adf6d464ce449914110607706da329993186f52f99074af1b7b1734a46dd4fcf linikatz.sh.7991c4ad8f4f3b31178a8844c2f19540135f8b5d
a1b3d36a9cc4bc118c646ae5430a6e0fc811f2ec3614a3de9682b5c07eaade2d linikatz.sh.ed6f5acbd7df804df18080f441d763f196d8536d
4681186a8bcaff98f0d2513d30add67345491b95f7f743883e6ca2506ba7aaaf linikatz.sh.baf3733f49c7d6e4d9e93093f6ff422a1ca4d08d
691f577714a4ae22bc22ec49edec5a15bf546a9827e8e1cf4e9e688b2ba9f72e linikatz.sh.bfa0d506343f750296bb16a69fbaeea5e866a195
9a3a44c544cd596ebf94583614035575e746f57315e20ec56a819c7152ba3fe9 linikatz.sh.200ce4001e997dcdb4db5be8cde114a48dda7e4c
f3aacbbaacceb0bdcac49d9b5e1da52d6883b7d736ca68f0a98f5a1d4838b995 linikatz.sh.99dc0d1a6abed4e5d301ec2c8067ce47935a3929
12e9256bbb969343cc20fa9e259c0af1bf12d6c7bd0263bd7b2a60575b73cf62 linikatz.sh.a40adc77fd10fec9cf3e3292db7b3007bc37707f
66c368f799227a9b571f841057e2d5f12c862360d5f7f564da9936acd67c66a0 linikatz.sh.1b185eaa12d6fff63d774c81d612c1735d1cd60c
612789c90ec1040d821a985265ea3b2f57e2c8df90b3880752dcb869e45256bc linikatz.sh.d160be156e1737d7b22f64f74c0c740435af685d
f1696fdc28bdb9e757a14b2ba9e698af8f70bb928d3c9e9fb524249f20231d08 linikatz.sh.118d753e603609046739301d60a743031d0bcacc
b2363d2b238f9336bb270fe96db258243668a916d7ddf94bf3a3126ed7cae508 linikatz.sh.174e0e1fc57a06172da5f8439f7f5d88e9ee6663
a0101bdeeb3f99c0640c203716381ef9f6bad8e89973eaa608c801ed3f6ccace linikatz.sh.97e768f1710721dac09f6dfdf9287649573dc47c
b8ad30b89d6cabe30501ed963b21dcaec70b3283608682678629feae2c1b2235 linikatz.sh.20798bc8dec2141ff25f1a9e2e8dc2e6dca15a1e
cbeecb2981c75b8f066b1f04f19f2095bdcf22f19d0d3f1099b83963547c00cb linikatz.sh.ccb992097a551f1a889db4388b4170804db47172
For current detection coverage, please see: