1
00:00:04,790 --> 00:00:13,220
Mimikatz is absolutely a great post-exploitation tool. After the initial exploitation phase, attackers

2
00:00:13,220 --> 00:00:20,690
may want to get a firmer foothold on a computer or network. Doing so often requires a set of complementary

3
00:00:20,690 --> 00:00:21,180
tools.

4
00:00:21,680 --> 00:00:27,980
Mimikatz is an attempt to bundle together some of the most useful tasks that attackers will want to

5
00:00:27,980 --> 00:00:28,520
perform.

6
00:00:29,270 --> 00:00:35,600
Fortunately, Metasploit has decided to include Mimikatz as a Meterpreter script to allow for easy

7
00:00:35,600 --> 00:00:41,360
access to its full set of features without needing to upload any files to the disk of the compromised

8
00:00:41,360 --> 00:00:41,750
host.

9
00:00:43,210 --> 00:00:49,870
So after obtaining a Meterpreter shell, we need to ensure that our session is running with system-level

10
00:00:49,870 --> 00:00:57,960
privileges for Mimikatz to function properly. So use getuid to look at the user, and if it's not

11
00:00:57,970 --> 00:01:03,430
system user, we can use getsystem to try to gain system privileges.

12
00:01:04,950 --> 00:01:07,620
Now we can load the mimikatz module into the memory.

13
00:01:08,670 --> 00:01:11,370
help mimikatz to see the mimikatz commands.

14
00:01:13,120 --> 00:01:18,760
Now, Metasploit provides us with some built-in commands that showcase Mimikatz's most commonly

15
00:01:18,760 --> 00:01:23,790
used features: dumping hashes and clear text credentials straight from memory.

16
00:01:24,340 --> 00:01:30,580
However, the mimikatz_command option gives us full access to all of the features in Mimikatz.

17
00:01:31,990 --> 00:01:38,470
Though slightly unorthodox, we can get a complete list of the available modules by trying to load a

18
00:01:38,470 --> 00:01:45,680
non-existent feature. So type mimikatz_command -f to specify the feature.

19
00:01:46,090 --> 00:01:47,680
Now write something meaningless.
20
00:01:47,680 --> 00:01:53,260
For example, just xyz, put colon colon at the end and hit Enter.

21
00:01:54,170 --> 00:01:57,380
Here is the list of the modules we can use in Mimikatz.

22
00:01:59,090 --> 00:02:05,330
We can also use mimikatz_command to extract hashes and clear text credentials from the compromised

23
00:02:05,330 --> 00:02:11,840
machine. Type mimikatz_command -f samdump and hit Enter to

24
00:02:11,840 --> 00:02:14,000
see the commands of the SAM module.

25
00:02:15,130 --> 00:02:19,120
Now, let's use the hashes command and collect all the hashes.

26
00:02:23,700 --> 00:02:30,480
To extract the clear text credentials, we can use the searchPasswords command of the sekurlsa

27
00:02:30,480 --> 00:02:31,430
module.

28
00:02:32,100 --> 00:02:38,400
This command searches directly in LSASS memory segments for passwords. So type mimikatz_command

29
00:02:38,400 --> 00:02:43,770
-f sekurlsa::searchPasswords and hit Enter.

30
00:02:44,580 --> 00:02:46,740
Now here we have a clear text password.

31
00:02:49,920 --> 00:02:53,340
OK, so let's take a little break here and play some Minesweeper.

32
00:02:56,550 --> 00:02:59,790
Come on, we're not children. We'll play in expert mode, of course.

33
00:03:00,660 --> 00:03:03,020
Well, OK, I'll need some help.

34
00:03:03,070 --> 00:03:04,230
So back to Kali.

35
00:03:04,800 --> 00:03:11,190
We're in the Meterpreter session and mimikatz is loaded. To list the modules of the commands again,

36
00:03:11,190 --> 00:03:18,060
type mimikatz_command -f qwe:: and hit Enter.

37
00:03:19,070 --> 00:03:24,830
Now, there's a strange module here, winmine. Let's look at its commands.

38
00:03:27,170 --> 00:03:30,110
So what happens when we use the info command here?

39
00:03:31,850 --> 00:03:37,520
Well, I think these stars show the places of the mines, so now we can know where to click.
40
00:03:39,750 --> 00:03:47,190
OK, so restart the Minesweeper again and I'll use the cheat command this time around.

41
00:03:48,720 --> 00:03:55,650
Now turn back to Minesweeper and click anywhere, and you are the new record holder.

42
00:03:56,100 --> 00:03:56,700
Well done.