Releases: login-securite/lsassy
v3.1.10
v3.1.9
v3.1.8
Version 3.1.7
Merge #79: Update logging mechanism so it now creates a logger and doesn't use the default logging object. Thank you @Marshall-Hallenbeck for this great clean up!
Version 3.1.6
- Update Pypykatz min version to get full results
- Minor changes & fixes
Version 3.1.4
- Add SilentProcessExit method
- Fix double output issue
- Fix hard-coded /tmp path in EDRSandBlast dump method for Windows compatibility
Version 3.1.3
Hot fix
When using --no-masterkeys flag, no credentials would be returned.
Change default
Default was to display masterkeys. Now, flag --masterkeys needs to be used.
Version 3.1.2
Improvements
- Add usable TGT in credentials output
- TGTs are automatically dumped and saved locally
- Add SQLDumper method (Thanks Luis Rocha for SQLDumper technique)
- Add nanodump_ssp dump method (#70 thanks to @snovvcrash)
- Add rawrpc dump method (#74 thanks to @3gstudent)
- Dissociate output and file format (#69 thanks to @D-XIII)
- Add masterkeys in output (#71 thanks to @zblurx)
- It's now possible to chain multiple commands on remote host to dump lsass (see comsvcs_stealth.py for example)
- Add --keep-dump parameter to keep lsass dump (no delete)
- Add --no-color parameter to disable colored output (maybe useful for Windows)
Thank you @snovvcrash, @3gstudent, @D-XIII and @zblurx for your contribution!
v3.1.1
Version 3.1.0
Features
- Add --copy parameter to copy "cmd.exe" or "powershell.exe" to C:\Windows\Temp with a random name before using them for command execution
- Add EDRSandBlast dump method from th3m4ks and Qazeer technique. It will upload their executable, and the vulnerable driver to remove EDR kernel callbacks, dump lsass, and restore EDR kernel callbacks.
- Add nanodump method from s4ntiago_p
- Add Rdrleakdiag technique from 0gtweet
Improvements
- Refactor dependencies to make it easier to create new dump modules based on compiled tools
- Possibility to host tools on a SMB server and provide the share path to lsassy
- Automatic listing of dump methods and execution methods in help
- Update comsvcs_stealth technique using cyb3rops tweet info