The Kiwi Extension
The Kiwi extension, which uses the mimikatz submodule, needs to be updated periodically. Follow these steps to complete the update process.

1. Clone down your fork of the rapid7/mimikatz repository
2. Create a new branch to make a PR from eventually
3. Add the upstream to pull changes from (`gentilkiwi/mimikatz`) (run: `git remote add gentilkiwi git@github.com:gentilkiwi/mimikatz.git`)
4. Merge in the changes from the upstream’s primary branch, carefully fixing each conflict by hand

    Pro-tip: Configure git to use a dedicated merge tool like meld
5. Once completed, push that branch up to GitHub and note its SHA-1 commit ID
6. Clone down your fork of the rapid7/metasploit-payloads repository
7. Create a new branch to make a PR from eventually and navigate into the `c/meterpreter/source/extensions/kiwi` directory
8. Update the submodule by fetching the changes from the updated mimikatz branch and verify that the commit is now the one that was previously noted
9. Build the new Meterpreter extension using Visual Studio
    - It’s very likely that compilation will fail with linking errors. This is most likely due to:
        - Files that were added by the update but have not been added to the Visual Studio project (e.g. LNK2001)
        - New libraries that the updates have added as requirements that need to be linked (e.g. LNK2019)
            - Go to Visual Studio and navigate to `ext_server_kiwi` and enter the properties, then add the missing library under Configuration Properties > Linker > Input > Additional Dependencies

      To figure out which one it is, check if the symbol that is missing is defined in mimikatz or not. If it is defined, check if the file where it’s defined is included in the Visual Studio configuration. If it is not defined, check the MSDN docs online to see if it’s defined in a Microsoft library.

      Pro-tip: Write down which files were added; it’ll come in handy later. Alternatively, the changes to the `ext_server_kiwi.vcxproj` file can be inspected.
10. Test the newly built Meterpreter extensions
    - There are a few ways to do this; the easiest is to create a symbolic link between the entry in the output directory and `~/.msf4/payloads/meterpreter`. From within the `c/meterpreter/output` directory:
        - Run `mkdir -p ~/.msf4/payloads/meterpreter` to create the directory if necessary
        - Run `ln -s $(pwd)/ext_server_kiwi.{x86,x64}.dll ~/.msf4/payloads/meterpreter` to create a symbolic link for both files
        - Load Metasploit and obtain a Meterpreter session
        - Run `load kiwi` and there should be a warning stating that a local file was loaded which may not be compatible
11. Build the new Meterpreter extensions using MinGW
    - From `c/meterpreter` run `make docker-x86` and `make docker-x64`
    - Fix any issues that may come up
        - Files that were identified and added to the Visual Studio project in step 9 should be added to: `c/meterpreter/workspace/ext_server_kiwi/CMakeLists.txt`
    - If there were any changes necessary, return to step 9 and confirm that the Visual Studio builds are still working
12. Make a Pull Request to rapid7/kiwi that includes the upstream changes as well as any changes that were made for Meterpreter and MinGW compatibility
13. Make a Pull Request to rapid7/metasploit-payloads that updates the submodule
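
One way to automate the check behind steps 9 and 11, as an added example that is not part of the original page or the Metasploit project: given the source files the mimikatz merge added (for instance from `git diff --name-only --diff-filter=A`), it reports which `.c` files are not yet referenced in the Visual Studio project or the CMake file. The file names, project XML and CMake text below are constructed samples, and the CMake file is assumed to list its sources explicitly.

```python
# Added example: constructed inputs, not files from either repository.
import re
import xml.etree.ElementTree as ET

MSBUILD = "{http://schemas.microsoft.com/developer/msbuild/2003}"

def _norm(path):
    """Compare paths case-insensitively with forward slashes."""
    return path.replace("\\", "/").lower()

def vcxproj_sources(xml_text):
    """Paths compiled by the project; setting-only ClCompile nodes have no Include."""
    root = ET.fromstring(xml_text)
    return {_norm(n.attrib["Include"]) for n in root.iter(MSBUILD + "ClCompile")
            if "Include" in n.attrib}

def cmake_sources(cmake_text):
    """Every token ending in .c, ignoring '#' comments."""
    uncommented = re.sub(r"#.*", "", cmake_text)
    return {_norm(t) for t in re.findall(r'[^\s()"]+\.c\b', uncommented)}

def _listed(rel_path, refs):
    """True if any referenced path ends with the repository-relative path."""
    rel = _norm(rel_path)
    return any(r == rel or r.endswith("/" + rel) for r in refs)

def missing_from_builds(added_files, vcxproj_xml, cmake_text):
    """Map each build definition to the added .c files it does not reference."""
    sources = [f for f in added_files if f.lower().endswith(".c")]
    vs, cm = vcxproj_sources(vcxproj_xml), cmake_sources(cmake_text)
    return {"vcxproj": [f for f in sources if not _listed(f, vs)],
            "cmake": [f for f in sources if not _listed(f, cm)]}

# Constructed sample: files a merge might add, relative to the mimikatz root.
ADDED = ["mimikatz/modules/kuhl_m_example.c", "mimikatz/modules/kuhl_m_example.h",
         "modules/kull_m_sample.c", "modules/kull_m_other.c"]
VCXPROJ = r"""<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemDefinitionGroup><ClCompile><WarningLevel>Level3</WarningLevel></ClCompile></ItemDefinitionGroup>
  <ItemGroup>
    <ClCompile Include="..\..\source\extensions\kiwi\mimikatz\mimikatz\modules\kuhl_m_example.c" />
    <ClCompile Include="..\..\source\extensions\kiwi\mimikatz\modules\kull_m_sample.c" />
  </ItemGroup>
</Project>"""
CMAKE = """set(KIWI_SRC
    ${MOD_DIR}/mimikatz/modules/kuhl_m_example.c
    # ${MOD_DIR}/modules/kull_m_sample.c  (commented out, so not built)
)"""

if __name__ == "__main__":
    for target, files in missing_from_builds(ADDED, VCXPROJ, CMAKE).items():
        print(target, "is missing:", files or "nothing")
```

A file reported under `vcxproj` is a candidate cause of LNK2001 in step 9; one reported only under `cmake` would build in Visual Studio but fail in the MinGW build of step 11.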