Python library to remotely extract credentials. This blog post explains how it works. You can check the wiki.

This library uses the impacket project to remotely read the necessary bytes in an lsass dump, and pypykatz to extract credentials.

Requirements

- Python >= 3.6
- pypykatz >= 0.3.0
- impacket

Installation

From pip

    python3.7 -m pip install lsassy

From sources

    python3.7 setup.py install

Basic Usage

    lsassy [--hashes [LM:]NT] [<domain>/]<user>[:<password>]@<target>

Advanced

Dumping methods

This tool can dump lsass in different ways.

Dumping methods (-m or --method)

- 0: Try all methods (dll then procdump) to dump lsass, stop on success (requires -p if the dll method fails)
- 1: comsvcs.dll method, stop on success (default)
- 2: Procdump method, stop on success (requires -p)
- 3: comsvcs.dll + PowerShell method, stop on success
- 4: comsvcs.dll + cmd.exe method

comsvcs.dll method

This method only uses built-in Windows files to extract remote credentials. It uses the minidump function from comsvcs.dll to dump the lsass process.

This method can only be used when the execution context has SeDebugPrivilege. This privilege is available either in a PowerShell local admin context or in a cmd.exe SYSTEM context.

Two execution methods can be used:

- WMIExec with cmd.exe (no SeDebugPrivilege), or PowerShell (SeDebugPrivilege)
- ScheduledTasks with SYSTEM context (SeDebugPrivilege)

Procdump method

This method uploads procdump.exe from…
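Seen from the detection side, the comsvcs.dll and Procdump methods described above both leave process-creation events on the target. The following is an added example, not code from lsassy or from the original post: the event fields, sample events and rule names are constructed, and treating a WmiPrvSE.exe parent as WMI execution and a SYSTEM user as the scheduled-task path is a heuristic assumption.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields); not real telemetry.
SAMPLE_EVENTS = [
    {"host": "WS01", "user": r"NT AUTHORITY\SYSTEM", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"cmd.exe /Q /c rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\Windows\Temp\a.dmp full"},
    {"host": "WS02", "user": r"CORP\admin", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r'powershell.exe -c "rundll32 C:\Windows\System32\COMSVCS.DLL, minidump 588 C:\Windows\Temp\b.dmp full"'},
    {"host": "WS03", "user": r"CORP\admin", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"C:\Windows\Temp\procdump.exe -accepteula -ma lsass.exe C:\Windows\Temp\c.dmp"},
    {"host": "WS04", "user": r"CORP\dev", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"procdump.exe -ma notepad.exe C:\Users\dev\n.dmp"},
    {"host": "WS05", "user": r"CORP\dev", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

# Rules run against the normalized (lower-cased) command line.
RULES = [
    ("comsvcs_minidump", re.compile(r"comsvcs(\.dll)?\b.*\bminidump\b")),
    ("procdump_lsass", re.compile(r"procdump(64)?(\.exe)?\b.*\blsass")),
]

def normalize(cmdline):
    """Lower-case and drop cmd.exe carets and double quotes before matching."""
    return re.sub(r'[\^"]', "", cmdline).lower()

def execution_context(event):
    """Heuristic label for how the process was started (assumption, see lead-in)."""
    if event["parent"].lower().endswith("\\wmiprvse.exe"):
        return "wmi"
    if event["user"].upper().endswith("\\SYSTEM"):
        return "system"
    return "other"

def flag_lsass_dumps(events):
    """Return one finding per event whose command line matches a dump rule."""
    hits = []
    for ev in events:
        cmd = normalize(ev["cmdline"])
        for name, pattern in RULES:
            if pattern.search(cmd):
                hits.append({"host": ev["host"], "rule": name,
                             "context": execution_context(ev)})
                break
    return hits

if __name__ == "__main__":
    for hit in flag_lsass_dumps(SAMPLE_EVENTS):
        print(hit)
```
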
Lsassy - Extract Credentials From Lsass Remotely (govanguard, 2020-01-16 15:30:00)