smb lsassfile command

skelsec edited this page Apr 13, 2021 · 1 revision

What it does

Parses a remote LSASS dump file over SMB

Remarks

None

Requirements

A working SMB connection URL which denotes the LSASS dump file's location

Subcommands

None

Switches

  • url: SMB connection URL that includes the LSASS file's path. See the Connection URL section for the format.
  • --json : Output results in JSON format
  • -g or --grep : Output results in greppable format
  • -k : Directory to write Kerberos tickets to, in kirbi and CCACHE format
  • --chunksize: Size of each chunk read over SMB while parsing
  • -p : Specifies which LSASS packages to parse. Default: all

Examples

  • pypykatz smb lsassfile 'smb2+ntlm-password://TEST\Administrator:QLFbT8zkiFGlJuf0B3Qq@10.10.10.102/C$/Users/victim/Desktop/lsass.DMP': Parses the LSASS file and outputs the results to console.
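
Because the account, secret and dump path all travel in the URL argument, any process-creation log that records command lines will capture them. The following is an added example (not part of pypykatz or this wiki) that flags such invocations and redacts the secret before alerting. The URL shape is inferred from the single example above, and the function name, field names and sample log lines are constructed for illustration.

```python
import re

# URL shape inferred from the one example on this page (an assumption):
#   <dialect>+<auth>-<secret type>://<DOMAIN>\<user>:<secret>@<host>/<share>/<path>
URL_RE = re.compile(
    r"(?P<scheme>smb[0-9]*\+[a-z0-9]+-[a-z0-9]+)://"
    r"(?:(?P<domain>[^\\/:@\s]+)\\)?(?P<user>[^:@/\s]+):(?P<secret>[^@\s]+)@"
    r"(?P<host>[^/\s'\"]+)/(?P<share>[^/\s'\"]+)/(?P<path>[^\s'\"]+)",
    re.IGNORECASE,
)
# Matches the subcommand documented on this page, however the tool was launched.
CMD_RE = re.compile(r"\bpypykatz\S*\s+smb\s+lsassfile\b", re.IGNORECASE)


def find_lsassfile_runs(cmdlines):
    """Return one finding per command line that runs `pypykatz smb lsassfile`."""
    findings = []
    for line in cmdlines:
        if not CMD_RE.search(line):
            continue
        m = URL_RE.search(line)
        if m is None:
            # URL in a shape this sketch does not know: report it, but do not
            # copy the raw line, since it may still carry a secret.
            findings.append({"parsed": False})
            continue
        findings.append({
            "parsed": True,
            "scheme": m["scheme"],
            "account": (m["domain"] or ".") + "\\" + m["user"],
            "host": m["host"],
            "share": m["share"],
            "path": m["path"],
            "admin_share": m["share"].endswith("$"),
            # Cut the secret out by position so it never reaches the alert.
            "cmdline": line[:m.start("secret")] + "<redacted>" + line[m.end("secret"):],
        })
    return findings


# Constructed process-creation command lines (not real telemetry).
SAMPLE = [
    r"python3 -m http.server 8000",
    r"pypykatz smb lsassfile 'smb2+ntlm-password://CORP\svc_backup:ExamplePass1@192.0.2.10/C$/Temp/lsass.DMP' --json",
    r"pypykatz lsa minidump local.dmp",
]

if __name__ == "__main__":
    for finding in find_lsassfile_runs(SAMPLE):
        print(finding)
```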