Added Invoke-Interceptor

samratashok · Jan 28, 2016 · 657b6df · 657b6df
1 parent c77e6dc
commit 657b6df
Show file tree

Hide file tree

Showing 4 changed files with 792 additions and 60 deletions.
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
@@ -1,3 +1,5 @@
+0.6.3
+- Added Invoke-Interceptor to the MITM directory.
 0.6.2
 - Added support for dumping cleartext credentials from RDP sessions for Invoke-MimikatzWfigestDowngrade.
 0.6.1

diff --git a/Gather/Get-Information 1.ps1 b/Gather/Get-Information 1.ps1
diff --git a/Gather/Invoke-MimikatzWDigestDowngrade.ps1 b/Gather/Invoke-MimikatzWDigestDowngrade.ps1
@@ -2841,6 +2841,7 @@ Main
         }
     }
 
+    #Above should work for console login as well but the below code is better and more relaible as it uses WMI events to detect login.
     else
     {
         $actionblock = {& $mimikatz;Sleep 5; Remove-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -Name UseLogonCredential }
-Original file line number
+Diff line change
@@ Expand Up / @@ -2841,6 +2841,7 @@ Main @@
             }
         }
+        #Above should work for console login as well but the below code is better and more relaible as it uses WMI events to detect login.
         else
         {
             $actionblock = {& $mimikatz;Sleep 5; Remove-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest -Name UseLogonCredential }
@@ Expand Down @@