skelsec / pypykatz

Mimikatz implementation in pure Python
MIT License

Live option available on Linux #72

Closed mubix closed 3 years ago

mubix commented 3 years ago

Just a suggestion, but the live option should provide some sort of checking to see if there is an LSASS process available. When it's run on Linux (I'm not sure if using it on WSL1 would work, cool possibility there), if it can't find LSASS.exe running in a process list it might be worth erroring out with a mention that live is only for localhost and can't be used for remote access of LSASS.

mubix commented 3 years ago

Sort of how it is for HandleDup

root@ubuntu:~# pypykatz live lsa --method handledup
Exception while dumping LSA credentials from memory.
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/dist-packages/pypykatz/lsadecryptor/cmdhelper.py", line 151, in run_live
    mimi = pypykatz.go_handledup()
  File "/usr/local/lib/python3.8/dist-packages/pypykatz/pypykatz.py", line 96, in go_handledup
    raise Exception('Live parsing will only work on Windows')
Exception: Live parsing will only work on Windows

==== Parsing errors:
live

mubix commented 3 years ago

Closed because while it does print a stack trace, it does have the notice that it only works on Windows.