Python library to remotely extract credentials. This blog post explains how it works. You can check the wiki.

This library uses the impacket project to remotely read the necessary bytes in an lsass dump, and pypykatz to extract credentials.

Requirements

    Python >= 3.6
    pypykatz >= 0.3.0
    impacket

Installation

From pip

    python3.7 -m pip install lsassy

From sources

    python3.7 setup.py install

Basic Usage

    lsassy [--hashes [LM:]NT] [<domain>/]<user>[:<password>]@<target>

Advanced

Dumping methods

This tool can dump lsass in different ways.

Dumping methods (-m or --method)

    0 : Try all methods (dll then procdump) to dump lsass, stop on success (Requires -p if dll method fails)
    1 : comsvcs.dll method, stop on success (default)
    2 : Procdump method, stop on success (Requires -p)
    3 : comsvcs.dll + Powershell method, stop on success
    4 : comsvcs.dll + cmd.exe method

comsvcs.dll method

This method only uses built-in Windows files to extract remote credentials. It uses the minidump function from comsvcs.dll to dump the lsass process.

This method can only be used when the execution context has SeDebugPrivilege. This privilege is available either in a Powershell local admin context or in a cmd.exe SYSTEM context.

Two execution methods can be used:

    WMIExec with cmd.exe (no SeDebugPrivilege), or powershell (SeDebugPrivilege)
    ScheduledTasks with SYSTEM context (SeDebugPrivilege)

Procdump method

This method uploads procdump.exe from…
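From the monitoring side, both dumping methods described above leave process-creation records that can be matched on the names the page gives (comsvcs.dll with its minidump function, procdump against lsass) and on how the command was launched. The following is an added example, not part of lsassy or of the original page; the event fields, host names and parent-process mapping are assumptions, and the sample records are constructed with their arguments elided.

```python
import re

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
# Command-line arguments are elided; none of this is real telemetry.
SAMPLE_EVENTS = [
    {"host": "SRV01", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"cmd.exe /c rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump <args elided>"},
    {"host": "SRV02", "parent": r"C:\Windows\System32\svchost.exe",
     "cmdline": r"powershell.exe -Command <script referencing COMSVCS.DLL and minidump, elided>"},
    {"host": "SRV03", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "cmdline": r"procdump.exe <options elided> lsass.exe <output elided>"},
    {"host": "WS07", "parent": r"C:\Windows\explorer.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
    {"host": "WEB01", "parent": r"C:\Windows\System32\cmd.exe",
     "cmdline": r"procdump.exe <options elided> w3wp.exe"},
]

COMSVCS = re.compile(r"comsvcs(\.dll)?\b", re.I)
MINIDUMP = re.compile(r"minidump", re.I)
PROCDUMP = re.compile(r"procdump(64)?(\.exe)?\b", re.I)
LSASS = re.compile(r"\blsass(\.exe)?\b", re.I)
# Assumption: WMI-launched commands are children of WmiPrvSE.exe and
# scheduled tasks are children of svchost.exe on the monitored hosts.
REMOTE_PARENTS = {"wmiprvse.exe": "wmi", "svchost.exe": "scheduled-task"}

def classify(event):
    """Return (method, launch_context) for a suspected lsass dump, else None."""
    cmd = event["cmdline"]
    if COMSVCS.search(cmd) and MINIDUMP.search(cmd):
        method = "comsvcs-minidump"
    elif PROCDUMP.search(cmd) and LSASS.search(cmd):
        method = "procdump-lsass"
    else:
        return None
    parent = event["parent"].rsplit("\\", 1)[-1].lower()
    return method, REMOTE_PARENTS.get(parent, "local")

def scan(events):
    """Return [(host, method, launch_context)] for every matching event."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict:
            hits.append((ev["host"], *verdict))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The launch context separates a dump started through WMI or a scheduled task from one an administrator ran interactively, which is useful for triage priority.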
