Rusty Mimikatz - All credits to: github.com/ThottySploity/mimiRust (Original author deleted account so I uploaded for community use)

Overview

MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust.


    ███▄ ▄███▓ ██▓ ███▄ ▄███▓ ██▓ ██▀███   █    ██   ██████ ▄▄▄█████▓
    ▓██▒▀█▀ ██▒▓██▒▓██▒▀█▀ ██▒▓██▒▓██ ▒ ██▒ ██  ▓██▒▒██    ▒ ▓  ██▒ ▓▒
    ▓██    ▓██░▒██▒▓██    ▓██░▒██▒▓██ ░▄█ ▒▓██  ▒██░░ ▓██▄   ▒ ▓██░ ▒░
    ▒██    ▒██ ░██░▒██    ▒██ ░██░▒██▀▀█▄  ▓▓█  ░██░  ▒   ██▒░ ▓██▓ ░
    ▒██▒   ░██▒░██░▒██▒   ░██▒░██░░██▓ ▒██▒▒▒█████▓ ▒██████▒▒  ▒██▒ ░
    ░ ▒░   ░  ░░▓  ░ ▒░   ░  ░░▓  ░ ▒▓ ░▒▓░░▒▓▒ ▒ ▒ ▒ ▒▓▒ ▒ ░  ▒ ░░
    ░  ░      ░ ▒ ░░  ░      ░ ▒ ░  ░▒ ░ ▒░░░▒░ ░ ░ ░ ░▒  ░ ░    ░
    ░      ░    ▒ ░░      ░    ▒ ░  ░░   ░  ░░░ ░ ░ ░  ░  ░    ░
           ░    ░         ░    ░     ░        ░           ░

                    written in Rust by ThottySploity
            mimiRust $ means it's running without elevated privileges
             mimiRust # means it's running with elevated privileges
              mimiRust @ means it's running with system privileges


    mimiRust @ ?

    Choose one of the following options:

      passwords:
              • dump-credentials             Dumps systems credentials through Wdigest.
              • dump-hashes                  Dumps systems NTLM hashes (requires SYSTEM permissions).
              • clear                        Clears the screen of any past output.
              • exit                         Moves to top level menu

      pivioting:
              • shell <SHELL COMMAND>        Execute a shell command through cmd, returns output.
              • clear                        Clears the screen of any past output.
              • exit                         Moves to top level menu
              • (W.I.P)psexec                Executes a service on another system.
              • (W.I.P)pth                   Pass-the-Hash to run a command on another system.
              • (W.I.P)golden-ticket         Creates a golden ticket for a user account with the domain.

      privilege:
              • spawn-path <SPAWN_PATH>      Spawn program with SYSTEM permissions from location.
              • clear                        Clears the screen of any past output.
              • exit                         Moves to top level menu

    mimiRust @ passwords
    mimiRust::passwords @ dump-credentials

MimiRust is a post-exploitation tool that can be used within redteam operations. Like the name suggests the entire project is made within the Rust language. MimiRust is capable of the following actions:

  • Spawning any process as SYSTEM
  • Executing shell commands
  • Extracting Windows passwords out of memory through the wdigest attack vector.
  • Extracting Windows NTLM hashes from user accounts (aes / des) & (md5 / rc4)

Todo:

  • PSExec to create and start a service on another endpoint.
  • PtH (Pass-The-Hash)
  • Kerberos Golden Ticket
  • lsa patch to get NTLM hashes from LSASS (Local Security Authority Subsystem Service)

Maybe in the future I will make API calls obfuscated and strings polymorphic

Quick usage:

MimiRust can be ran in two different ways: from the command line using mimiRust.exe --help or in the shell by running the executable without any command line arguments. For help with the program type one of the following into mimiRust:

  • mimiRust # ?
  • mimiRust # h
  • mimiRust # help

You will now be required to type in the module that you want to access, current modules are:

  • passwords
  • pivioting
  • privilege

Dumping credentials from memory through wdigest

mimiRust::passwords # dump-credentials
mimiRust.exe --dump-credentials

Dumping NTLM hashes from user accounts

mimiRust::passwords @ dump-hashes
mimiRust.exe --dump-hashes

Executing shell commands

mimiRust::pivioting $ shell whoami

Spawning a process with SYSTEM

mimiRust::privilege # spawn-path cmd.exe
mimiRust.exe -s cmd.exe

Demo

Click on the demo to get a higher resolution

demo

Disclaimer

I am not responsible for what you do with the information and code provided. This is intended for professional or educational purposes only.

Author

Why was MimiRust made

MimiRust was created as a project by a first years Cyber Security Bachelors student. The reason for this is because I was too bored learning about business processes in a Security Bachelors that I decided to just start for myself.

Credits / References

You might also like...
MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust.
MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust.

MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust. MimiRust is a program based on the wdigest attack vector

MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust
MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust

MimiRust - Hacking the Windows operating system to hand us the keys to the kingdom with Rust

Rmt - similar to the rm command, but it allows me to save the deleted elements in the trash
Rmt - similar to the rm command, but it allows me to save the deleted elements in the trash

Rmt is similar to the rm command but saves the deleted elements in the trash and restores them. Rmt is written in Rust 🦀

Automatically deleted async I/O temporary files in Rust

async-tempfile Provides the TempFile struct, an asynchronous wrapper based on tokio::fs for temporary files that will be automatically deleted when th

An all-in-one IBC protocol providing fungible token transfer, interchain account, and async query functionalities

ICS-999 An all-in-one IBC protocol providing fungible token transfer, interchain account (ICA), and query (ICQ) functionalities, implemented in CosmWa

A game made for the Rusty Jam https://itch.io/jam/rusty-jam
A game made for the Rusty Jam https://itch.io/jam/rusty-jam

Murder-User Dungeon Introduction Tony is a young man. Finally having its own apartment is a good thing! He will learn how to live by himself and how t

Lust is a static image server designed to automatically convert uploaded image to several formats and preset sizes
Lust is a static image server designed to automatically convert uploaded image to several formats and preset sizes

What is Lust? Lust is a static image server designed to automatically convert uploaded image to several formats and preset sizes with scaling in mind.

A blazingly fast, ShareX uploader coded in Rust (using actix web) which utilizes AES-256-GCM-SIV to securely store uploaded content.

Magnesium Oxide ❔ What is this? Magnesium-Oxide (MGO) is a secure file uploader with support for ShareX. 🌠 Features 🔥 Blazingly fast uploads and enc

Safer Nostr is a service that helps protect users by loading sensitive information (IP leak) and using AI to prevent inappropriate images from being uploaded.

Safer Nostr is a service that helps protect users by loading sensitive information (IP leak) and using AI to prevent inappropriate images from being uploaded. It also offers image optimization and storage options. It has configurable privacy and storage settings, as well as custom cache expiration.

RGB (Rust Game Boy) is a simple emulator for the original game boy
RGB (Rust Game Boy) is a simple emulator for the original game boy

RGB RGB (Rust Game Boy) is a simple emulator for the original game boy and the color game boy. Warning: This no longer compiles in the latest versions

This is a port in the arkwork framework of the original implementation in bellperson of Snarkpack.

Snarpack on arkwork This is a port in the arkwork framework of the original implementation in bellperson of Snarkpack. Note both works are derived fro

An unofficial Logitech HID++2.0 driver based on the original logiops by PixlOne

ruhroh An unofficial Logitech HID++2.0 driver based on the original logiops by PixlOne Configuration Refer to the docs for details. The default locat

Original Version Management System based on Git
Original Version Management System based on Git

nss (noshishi) Original Version Management System based on Git. Learning git and rust for good developer. Usage Install cargo install nssi how to nss

Original source code for Practical Rust Projects 2nd ed. by Shing Lyu and Andrew Rzeznik

Apress Source Code This repository accompanies Practical Rust Projects 2nd ed. by Shing Lyu and Andrew Rzeznik (Apress, 2023). Download the files as a

An oauth2 client implementation providing the Device, Installed and Service Account flows.
An oauth2 client implementation providing the Device, Installed and Service Account flows.

yup-oauth2 is a utility library which implements several OAuth 2.0 flows. It's mainly used by google-apis-rs, to authenticate against Google services.

Decode Metaplex mint account metadata into a JSON file.

Simple Metaplex Decoder (WIP) Install From Source Install Rust. curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh Clone the source: git c

A list of known SS58 account types as an enum.

A list of known SS58 account types as an enum.

A Spotify downloader written in rust, which does not require a premium account

DownOnSpot A Spotify downloader written in Rust Disclaimer DownOnSpot was not developed for piracy. It is meant to be used in compliance with DMCA, Se

This contract is to provide vesting account feature for the both cw20 and native tokens, which is controlled by a master address

Token Vesting This contract is to provide vesting account feature for the both cw20 and native tokens, which is controlled by a master address. Instan

Owner
Mostly interested in low-level programming in Rust, Windows internals, offensive tool development, hypervisor development, and reverse engineering.
null
A simple menu to keep all your most used one-liners and scripts in one place

Dama Desktop Agnostic Menu Aggregate This program aims to be a hackable, easy to use menu that can be paired to lightweight window managers in order t

null 47 Jul 23, 2022
Dangerously fast dns/network/port scanner, all-in-one

Skanuvaty Dangerously fast dns/network/port scanner, all-in-one. Start with a domain, and we'll find everything about it. Features: Finds subdomains f

CCCC 701 Dec 31, 2022
Attempts to suspend all known AV/EDRs processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pentesters. Written in Rust.

Ronflex Attempts to suspend all known AV/EDRs processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for penteste

null 5 Apr 17, 2023
Upgrade all the things

Introduction Note This is a fork of topgrade by r-darwish to keep it maintained. Keeping your system up to date usually involves invoking multiple pac

null 858 Apr 25, 2023
Use Touch ID / Secure Enclave for SSH Authentication!

SeKey About SeKey is a SSH Agent that allow users to authenticate to UNIX/Linux SSH servers using the Secure Enclave How it Works? The Secure Enclave

SeKey 2.3k Dec 26, 2022
Example of CVE-2024-24576 use case.

CVE-2024-24576 PoC The Command::arg and Command::args APIs state in their documentation that the arguments will be passed to the spawned process as-is

Frostb1te 51 Jul 3, 2024
Fetch original quality URLs for images posted to a Twitter account

twitter-images Fetches the last tweets of a given account, then prints original quality URLs for all image tweets. Useful for archiving image content

Harsh Shandilya 6 Dec 23, 2022
Demonstrates Solana data account versioning used in supporting the Solana Cookbook article: Account Data Versioning

versioning-solana This repo demonstrates ONE rudimentary way to upgrade/migrate account data changes with solana program changes. What is data version

Frank V. Castellucci 6 Sep 30, 2022
Easy c̵̰͠r̵̛̠ö̴̪s̶̩̒s̵̭̀-t̶̲͝h̶̯̚r̵̺͐e̷̖̽ḁ̴̍d̶̖̔ ȓ̵͙ė̶͎ḟ̴͙e̸̖͛r̶̖͗ë̶̱́ṉ̵̒ĉ̷̥e̷͚̍ s̷̹͌h̷̲̉a̵̭͋r̷̫̊ḭ̵̊n̷̬͂g̵̦̃ f̶̻̊ơ̵̜ṟ̸̈́ R̵̞̋ù̵̺s̷̖̅ţ̸͗!̸̼͋

Rust S̵̓i̸̓n̵̉ I̴n̴f̶e̸r̵n̷a̴l mutability! Howdy, friendly Rust developer! Ever had a value get m̵̯̅ð̶͊v̴̮̾ê̴̼͘d away right under your nose just when

null 294 Dec 23, 2022
Claim probot daily credits, reChaptca solver

Probot, claim you daily credits it's a simple code that emulate to claim probot daily credits by using headless_chrome crate with rust language How to

Mr.Kasper 9 Dec 20, 2022