skelsec / pypykatz

Mimikatz implementation in pure Python
MIT License
2.86k stars 378 forks

Feature Request: remote file parsing #73

Closed mubix closed 3 years ago

mubix commented 3 years ago

In this blog post: https://en.hackndo.com/remote-lsass-dump-passwords/#dump-size

there are code edits that assist in parsing remote files without needing to download them. It would be awesome if Pypykatz had this feature.

skelsec commented 3 years ago

Hello, I'm not entirely sure what the request is. There is an API available here to parse whatever object you throw at it as long as you have those 4 methods implemented.
Also that is what LSASSY uses.
Please clarify.

mubix commented 3 years ago

Having this capability: pypykatz lsa minidump adsec.local/jsnow:Winter_is_coming_\!@DC01.adsec.local:/C$/Windows/Temp/lsass.dmp

Unless I'm missing something, this capability doesn't exist currently.

skelsec commented 3 years ago

Understood.
I always wanted to do something like that; however, there are these things to consider:

  1. LSASSY already has this feature and as far as I know it works well, @Hackndo did a good job.
  2. If I wanted to implement that feature I'd have to change a major part of the codebase to support asyncio (to support aiosmb, as supporting impacket is already implemented in lsassy) OR at least give every single structure a size parameter (for read-ahead). The latter might be doable (and it would greatly help LSASSY as well), but it'd be a lot of work and I currently don't have much time for that.

Is there any specific reason you want to have this in pypykatz instead of using LSASSY? Personally, I'd rather help out that project if something is missing than make changes in the most-used part of pypykatz, as re-testing everything takes ages.

skelsec commented 3 years ago

You closed this too early. Took a weekend but here u go: pypykatz smb lsassfile 'smb2+ntlm-password://<domain>\<user>:<password>@<hostname>/C$/Users/victim/Desktop/lsass.DMP'

mubix commented 3 years ago

That's bad ass

skelsec commented 3 years ago

Closing this because it's solved now. If errors arise pls let me know in another issue.