
The Kiwi Extension

Grant Willcox edited this page Mar 14, 2023 · 6 revisions

Updating Steps

The Kiwi extension, which uses the mimikatz submodule, needs to be updated periodically. Follow these steps to complete the update process.

  1. Clone down your fork of the rapid7/mimikatz repository

  2. Create a new branch to make a PR from eventually

  3. Add the upstream to pull changes from (gentilkiwi/mimikatz) (run: git remote add gentilkiwi git@github.com:gentilkiwi/mimikatz.git)

  4. Merge in the changes from the upstream’s primary branch, carefully fixing each conflict by hand

    Pro-tip: Configure git to use a dedicated merge tool like meld

  5. Once completed, push that branch up to GitHub and note its SHA-1 commit ID

  6. Clone down your fork of the rapid7/metasploit-payloads repository

  7. Create a new branch to make a PR from eventually and navigate into the c/meterpreter/source/extensions/kiwi directory

  8. Update the submodule by fetching the changes from the updated mimikatz branch and verify that the commit is now the one that was previously noted

  9. Build the new Meterpreter extension using Visual Studio

    1. It’s very likely that compilation will fail with linking errors. This is most likely due to:
      1. Files that were added by the update but have not been added to the Visual Studio project (e.g. LNK2001)
      2. New libraries that the updates have added as requirements that need to be linked (e.g. LNK2019)
        1. Go to Visual Studio and navigate to ext_server_kiwi and enter the properties, then add the missing library under Configuration Properties > Linker > Input > Additional Dependencies

    To figure out which one it is, check if the symbol that is missing is defined in mimikatz or not. If it is defined, check if the file where it’s defined is included in the Visual Studio configuration. If it is not defined, check the MSDN docs online to see if it’s defined in a Microsoft library.

    Pro-tip: Write down which files were added; it’ll come in handy later. Alternatively, the changes to the ext_server_kiwi.vcxproj file can be inspected.

  10. Test the newly built Meterpreter extensions

    1. There are a few ways to do this; the easiest is to create a symbolic link between the entry in the output directory and ~/.msf4/payloads/meterpreter. From within the c/meterpreter/output directory:
      1. Run mkdir -p ~/.msf4/payloads/meterpreter to create the directory if necessary
      2. Run ln -s $(pwd)/ext_server_kiwi.{x86,x64}.dll ~/.msf4/payloads/meterpreter to create a symbolic link for both files
      3. Load Metasploit and obtain a Meterpreter session
      4. Run load kiwi and there should be a warning stating that a local file was loaded which may not be compatible
  11. Build the new Meterpreter extensions using MinGW

    1. From c/meterpreter run make docker-x86 and make docker-x64
    2. Fix any issues that may come up
      1. Files that were identified and added to the Visual Studio project in step 9 should be added to: c/meterpreter/workspace/ext_server_kiwi/CMakeLists.txt
    3. If there were any changes necessary, return to step 9 and confirm that the Visual Studio builds are still working
  12. Make a Pull Request to rapid7/kiwi that includes the upstream changes as well as any changes that were made for Meterpreter and MinGW compatibility

  13. Make a Pull Request to rapid7/metasploit-payloads that updates the submodule
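
A check for step 11, as an added example that is not part of the original wiki page or the project's tooling: it lists source files the Visual Studio project compiles that the ext_server_kiwi CMakeLists.txt never names. It assumes the CMake file lists each source explicitly; the sample project and CMake text, including the paths and example_*.c file names, are constructed.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

def vcxproj_sources(vcxproj_xml):
    """Return the paths listed as <ClCompile Include="..."> items."""
    sources = []
    for elem in ET.fromstring(vcxproj_xml).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the MSBuild XML namespace
        include = elem.get("Include")
        # <ClCompile> without Include is a compiler-settings block, not a file.
        if tag == "ClCompile" and include:
            sources.append(include)
    return sources

def missing_from_cmake(vcxproj_xml, cmake_text):
    """Basenames the Visual Studio project compiles but CMake never names."""
    # Strip CMake comments so a commented-out entry still counts as missing.
    active = "\n".join(l.split("#", 1)[0] for l in cmake_text.splitlines())
    # Compare whole tokens by basename (assumption: sources are listed explicitly).
    named = {ntpath.basename(t).lower() for t in re.split(r'[\s()"]+', active) if t}
    wanted = {ntpath.basename(s) for s in vcxproj_sources(vcxproj_xml)}
    return sorted(n for n in wanted if n.lower() not in named)

# Constructed sample inputs; the paths and example_*.c names are hypothetical.
SAMPLE_VCXPROJ = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup>
    <ClCompile><WarningLevel>Level3</WarningLevel></ClCompile>
  </ItemDefinitionGroup>
  <ItemGroup>
    <ClCompile Include="..\..\source\extensions\kiwi\main.c" />
    <ClCompile Include="..\..\source\extensions\kiwi\mimikatz\modules\example_old.c" />
    <ClCompile Include="..\..\source\extensions\kiwi\mimikatz\modules\example_new.c" />
  </ItemGroup>
</Project>"""

SAMPLE_CMAKE = """set(SRC_FILES
    ${SRC_DIR}/main.c
    ${MIMIKATZ_DIR}/modules/example_old.c
    # ${MIMIKATZ_DIR}/modules/example_new.c
)"""

if __name__ == "__main__":
    for name in missing_from_cmake(SAMPLE_VCXPROJ, SAMPLE_CMAKE):
        print("not in CMakeLists.txt:", name)
```

To use it on a real checkout, pass the contents of ext_server_kiwi.vcxproj and c/meterpreter/workspace/ext_server_kiwi/CMakeLists.txt in place of the samples.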
