1
00:00:00,950 --> 00:00:08,540
Mimikatz is absolutely a great post-exploitation tool after the initial exploitation phase.

2
00:00:08,720 --> 00:00:13,190
Attackers may want to get a firmer foothold on a computer or network.

3
00:00:13,820 --> 00:00:17,330
Doing so often requires a set of complementary tools.

4
00:00:17,840 --> 00:00:24,110
Mimikatz is an attempt to bundle together some of the most useful tasks that attackers will want to

5
00:00:24,110 --> 00:00:24,650
perform.

6
00:00:25,400 --> 00:00:31,760
Fortunately, Metasploit has decided to include Mimikatz as a Meterpreter script to allow for easy

7
00:00:31,760 --> 00:00:37,520
access to its full set of features without needing to upload any files to the disk of the compromised

8
00:00:37,520 --> 00:00:37,880
host.

9
00:00:39,400 --> 00:00:46,000
So after obtaining a Meterpreter shell, we need to ensure that our session is running with system-level

10
00:00:46,000 --> 00:00:54,640
privileges for Mimikatz to function properly, so use getuid to look at the user, and if it's not the SYSTEM

11
00:00:54,640 --> 00:00:59,560
user, we can use getsystem to try to gain system privileges.

12
00:01:01,120 --> 00:01:03,760
Now, we can load the mimikatz module into memory.

13
00:01:04,830 --> 00:01:07,500
help mimikatz to see the Mimikatz commands.

14
00:01:09,280 --> 00:01:15,820
Now, Metasploit provides us with some built-in commands that showcase Mimikatz's most commonly used features:

15
00:01:16,210 --> 00:01:19,960
dumping hashes and clear-text credentials straight from memory.

16
00:01:20,530 --> 00:01:26,710
However, the mimikatz_command option gives us full access to all of the features in Mimikatz.

17
00:01:28,160 --> 00:01:34,640
Though slightly unorthodox, we can get a complete list of the available modules by trying to load a

18
00:01:34,640 --> 00:01:41,840
non-existent feature, so type mimikatz_command -f to specify the feature.

19
00:01:42,260 --> 00:01:43,790
Now write something meaningless.

20
00:01:43,790 --> 00:01:49,430
For example, we'll just write xyz, put colon colon at the end and hit enter.

21
00:01:50,350 --> 00:01:53,530
Here is the list of the modules we can use in Mimikatz.

22
00:01:55,260 --> 00:02:01,470
We can also use Mimikatz commands to extract hashes and clear-text credentials from the compromised

23
00:02:01,470 --> 00:02:10,140
machine. Type mimikatz_command -f samdump and hit enter to see the commands of the samdump module.

24
00:02:11,290 --> 00:02:15,250
Now, let's use the hashes command and collect all the hashes.

25
00:02:19,860 --> 00:02:27,090
To extract the clear-text credentials, we can use the searchPasswords command of the sekurlsa

26
00:02:27,090 --> 00:02:32,160
module; this command searches directly in the lsass memory segments for passwords.

27
00:02:32,910 --> 00:02:39,930
So type mimikatz_command -f sekurlsa::searchPasswords and hit enter.

28
00:02:40,740 --> 00:02:42,870
Now here we have a clear-text password.

29
00:02:46,150 --> 00:02:49,510
OK, so let's take a little break here and play some Minesweeper.

30
00:02:52,710 --> 00:02:53,190
Come on.

31
00:02:53,520 --> 00:02:55,950
We're not children; we'll play in expert mode, of course.

32
00:02:56,850 --> 00:02:59,040
Well, OK, I'll need some help.

33
00:02:59,250 --> 00:03:06,660
So back to Kali, we're in the Meterpreter session and Mimikatz is loaded. To list the modules and the

34
00:03:06,660 --> 00:03:07,320
commands again,

35
00:03:07,320 --> 00:03:14,220
type mimikatz_command -f qwe:: and hit enter.

36
00:03:15,230 --> 00:03:18,710
Now, there's a strange module here: winmine.

37
00:03:19,190 --> 00:03:20,960
Let's look at its commands.

38
00:03:23,340 --> 00:03:26,250
So what happens when we use the info command here?

39
00:03:28,040 --> 00:03:33,650
Well, I think these stars show the places of the mines, so now we know where to click.

40
00:03:35,980 --> 00:03:43,300
OK, so restart Minesweeper again, and I'll use the cheat command this time around.

41
00:03:44,900 --> 00:03:51,800
Now, turn back to Minesweeper and click anywhere, and you are the new record holder.

42
00:03:52,250 --> 00:03:52,820
Well done.