MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust

Overview


███▄ ▄███▓ ██▓ ███▄ ▄███▓ ██▓ ██▀███   █    ██   ██████ ▄▄▄█████▓
▓██▒▀█▀ ██▒▓██▒▓██▒▀█▀ ██▒▓██▒▓██ ▒ ██▒ ██  ▓██▒▒██    ▒ ▓  ██▒ ▓▒
▓██    ▓██░▒██▒▓██    ▓██░▒██▒▓██ ░▄█ ▒▓██  ▒██░░ ▓██▄   ▒ ▓██░ ▒░
▒██    ▒██ ░██░▒██    ▒██ ░██░▒██▀▀█▄  ▓▓█  ░██░  ▒   ██▒░ ▓██▓ ░
▒██▒   ░██▒░██░▒██▒   ░██▒░██░░██▓ ▒██▒▒▒█████▓ ▒██████▒▒  ▒██▒ ░
░ ▒░   ░  ░░▓  ░ ▒░   ░  ░░▓  ░ ▒▓ ░▒▓░░▒▓▒ ▒ ▒ ▒ ▒▓▒ ▒ ░  ▒ ░░
░  ░      ░ ▒ ░░  ░      ░ ▒ ░  ░▒ ░ ▒░░░▒░ ░ ░ ░ ░▒  ░ ░    ░
░      ░    ▒ ░░      ░    ▒ ░  ░░   ░  ░░░ ░ ░ ░  ░  ░    ░
       ░    ░         ░    ░     ░        ░           ░

                written in Rust by ThottySploity
        mimiRust $ means it's running without elevated privileges
         mimiRust # means it's running with elevated privileges
          mimiRust @ means it's running with system privileges


mimiRust @ ?

Choose one of the following options:

  passwords:
          • dump-credentials             Dumps systems credentials through Wdigest.
          • dump-hashes                  Dumps systems NTLM hashes (requires SYSTEM permissions).
          • clear                        Clears the screen of any past output.
          • exit                         Moves to top level menu

  pivioting:
          • shell         Execute a shell command through cmd, returns output.
          • clear                        Clears the screen of any past output.
          • exit                         Moves to top level menu
          • (W.I.P)psexec                Executes a service on another system.
          • (W.I.P)pth                   Pass-the-Hash to run a command on another system.
          • (W.I.P)golden-ticket         Creates a golden ticket for a user account with the domain.

  privilege:
          • spawn-path       Spawn program with SYSTEM permissions from location.
          • clear                        Clears the screen of any past output.
          • exit                         Moves to top level menu

mimiRust @ passwords
mimiRust::passwords @ dump-credentials

MimiRust is a post-exploitation tool intended for use in red team operations. As the name suggests, the entire project is written in Rust. MimiRust is capable of the following actions:

  • Spawning any process as SYSTEM
  • Executing shell commands
  • Extracting Windows passwords out of memory through the wdigest attack vector.
  • Extracting Windows NTLM hashes from user accounts (aes / des) & (md5 / rc4)

Todo:

  • PSExec to create service on another endpoint.
  • PtH (Pass-The-Hash)
  • Kerberos Golden Ticket

Maybe in the future I will make it polymorphic and obfuscate the strings (also polymorphic) and API calls.

Quick usage:

MimiRust can be run in two different ways: from the command line using mimiRust.exe --help, or in its interactive shell by running the executable without any command line arguments. For help with the program, type one of the following into mimiRust:

  • mimiRust # ?
  • mimiRust # h
  • mimiRust # help

You will now be required to type in the module that you want to access, current modules are:

  • passwords
  • pivioting
  • privilege


Dumping credentials from memory through wdigest

mimiRust::passwords # dump-credentials
mimiRust.exe --dump-credentials


Dumping NTLM hashes from user accounts

mimiRust::passwords @ dump-hashes
mimiRust.exe --dump-hashes
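Both password modules above depend on credential material being reachable in LSASS memory. As an added example that is not part of MimiRust, the PowerShell function below audits the two host settings a defender checks first against this class of tool: whether WDigest still caches plaintext logon credentials (UseLogonCredential under the WDigest SecurityProviders key) and whether LSA runs as a protected process (RunAsPPL under the Lsa key). The function and parameter names are my own; it assumes an administrative session on Windows 8.1 / Server 2012 R2 or later, or an earlier version with KB2871997 installed.

```powershell
# Added defensive example, not part of the MimiRust project.
# Assumptions: administrative PowerShell session; Windows 8.1 / Server 2012 R2 or later
# (or an older build with KB2871997, which introduced the UseLogonCredential value).

function Test-WDigestHardening {
    [CmdletBinding()]
    param(
        # When set, disable WDigest credential caching instead of only reporting on it.
        [switch]$Remediate
    )

    $wdigestKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest'
    $lsaKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

    # UseLogonCredential: 1 = LSASS keeps plaintext credentials for WDigest (what a
    # dump-credentials style module relies on). 0 = not cached. On Windows 8.1+ an
    # absent value behaves as 0; on older builds without KB2871997 absence means
    # caching is still on, so treat '<absent>' with care there.
    $useLogonCred = (Get-ItemProperty -Path $wdigestKey -Name 'UseLogonCredential' `
                        -ErrorAction SilentlyContinue).UseLogonCredential

    # RunAsPPL: 1 = LSA runs as a Protected Process Light, so unsigned code cannot
    # open LSASS with the access needed to read its memory.
    $runAsPpl = (Get-ItemProperty -Path $lsaKey -Name 'RunAsPPL' `
                    -ErrorAction SilentlyContinue).RunAsPPL

    $cachingEnabled = ($useLogonCred -eq 1)

    if ($cachingEnabled -and $Remediate) {
        if (-not (Test-Path $wdigestKey)) { New-Item -Path $wdigestKey -Force | Out-Null }
        New-ItemProperty -Path $wdigestKey -Name 'UseLogonCredential' `
            -PropertyType DWord -Value 0 -Force | Out-Null
        # Credentials already cached by earlier logons stay in memory until the
        # sessions end; a reboot is the clean way to flush them.
        $cachingEnabled = $false
    }

    $findings = @()
    if ($cachingEnabled) { $findings += 'WDigest caches plaintext credentials; set UseLogonCredential to 0' }
    if ($runAsPpl -ne 1) { $findings += 'LSA protection (RunAsPPL) is not enabled' }

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        UseLogonCredentialValue = if ($null -eq $useLogonCred) { '<absent>' } else { $useLogonCred }
        WDigestCachingEnabled   = $cachingEnabled
        LsaProtectionEnabled    = ($runAsPpl -eq 1)
        Findings                = ($findings -join '; ')
    }
}

# Report only:
Test-WDigestHardening
# Report and disable WDigest caching on this host:
# Test-WDigestHardening -Remediate
```

Run it across a fleet with Invoke-Command to get one object per host; any host reporting WDigestCachingEnabled as true or LsaProtectionEnabled as false is one where tooling of this kind has an easier time, and the output object is convenient to feed into whatever inventory or ticketing system tracks hardening drift.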


Executing shell commands

mimiRust::pivioting $ shell whoami


Spawning a process with SYSTEM

mimiRust::privilege # spawn-path cmd.exe
mimiRust.exe -s cmd.exe

Demo

mimiRust Demo (demo image; not reproduced in this page)


Disclaimer

I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.


Author

Why was MimiRust made

MimiRust was created as a project by a first-year Cyber Security Bachelor's student. The reason for this is that I was so bored learning about business processes in a Security Bachelor's that I decided to just start something for myself.

