Mimikatz is both an exploit on Microsoft Windows that extracts passwords stored in memory and software that performs that exploit. It was created by French programmer Benjamin Delpy, and its name is French slang for "cute cats".


History

Benjamin Delpy discovered a flaw in Microsoft Windows: it holds both an encrypted copy of a password and a key that can be used to decipher it in memory at the same time. He contacted Microsoft in 2011 to point out the flaw, but Microsoft replied that it would require the machine to be already compromised. Delpy realised that the flaw could be used to gain access to non-compromised machines on a network from a compromised machine. He released the first version of the software in May 2011 as closed source software. In September 2011, the exploit was used in the DigiNotar hack.


Russian conference

Delpy spoke about the software at a conference in 2012. Once during the conference, he returned to his room to find a stranger sitting at his laptop. The stranger apologised, saying he was in the wrong room and left. A second man approached him during the conference and demanded he give him copies of his presentation and software on a USB flash drive. Delpy gave him copies. Delpy felt shaken by his experiences and before he left Russia, he released the source code on GitHub. He felt that those defending against cyberattacks should learn from the code in order to defend against the attack.


Windows updates

In 2013, Microsoft added a setting to Windows 8.1 that allows the exploitable feature to be turned off. In Windows 10 the feature is turned off by default, but Jake Williams from Rendition Infosec says that it remains effective, either because the system runs an outdated version of Windows, or he can use privilege escalation to gain enough control over the target to turn on the exploitable feature. Benjamin Delpy has updated the software to cover more exploits than the original.


Use in malware

The Carbanak attack and the cyberattack on the Bundestag used the exploit. The NotPetya and BadRabbit malware used versions of the attack combined with EternalBlue and EternalRomance exploits.


In popular culture

In Mr. Robot episode 9 of season 2, Angela Moss uses mimikatz to get her boss's Windows domain password.


External links


Implementation by Benjamin Delpy on GitHub
Implementation of exploit on GitHub