Windows 2012 R2 AD controller / Windows 10 client / Metasploit / Mimikatz

This is an experiment that I wanted to share.

But before that I wanted to introduce my collection of WTF screenshots from movies that I have started recently.

Mission Impossible 5

Data Transfer Relay Algo Open Sourced ….

I wish hacking would be as much fun as it looks in these movies  …


Software used:
Windows 2012 R2 – Domain Controller (VIRTUAL.COM) (64bit) {Latest}
Windows 10 – AD joined (WINDOWS10.VIRTUAL.COM) (64bit) {Latest}
Alpine Linux – Router (NS.VIRTUAL.COM) {4.4.11-0-grsec}
Debian Linux – Linux with Metasploit (64bit) {metasploit v4.12.24-dev-58112d7}
Virtual Box – Hyper-visor from Oracle {5.1.4}
Mimikatz – Latest version from
Custom tools to unload AV

– Execution of a custom meterpreter payload on a domain joined WINDOWS10.VIRTUAL.COM (64bit)
– Trying to run mimikatz from unprivileged session – no luck
– Executing the custom meterpreter payload binary with domain admin rights HYPERUSER\VIRTUAL.COM
– Try to execute inbuilt meterpeter mimikatz (kiwi / mimikatz) – no luck
– Try to execute mimikatz (64bit) copy from (Windows defender flags this) – no luck
– Upload mimikatz to host via meterpreter session
– Kill AV using Viktor Cleaner 2.0
– Execute mimikatz (64bit) copy from
– Profit


Part 1 of the experiment

Part 2 of the experiment


About astr0baby

Please run Adblock or similar... we have been told to do so since Carl Sagan wrote the Contact .
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.