Closed mubix closed 3 years ago
Hello,
I'm not entirely sure what the request is. There is an API available here to parse whatever object you throw at it as long as you have those 4 methods implemented.
Also that is what LSASSY uses.
Please clarify.
Having this capability:
pypykatz lsa minidump adsec.local/jsnow:Winter_is_coming_\!@DC01.adsec.local:/C$/Windows/Temp/lsass.dmp
Unless I'm missing something this capability doesn't exist currently
Understood.
I always wanted to do something like that however there are these things to consider:
Is there any specific reason you want to have this in pypykatz instead of using LSASSY? Personally I'd rather help out that project if something is missing than do changes in the most-used part of pypykatz as re-testing everything takes ages.
you closed this too early. Took a weekend but here u go:
pypykatz smb lsassfile 'smb2+ntlm-password://<domain>\<user>:<password>@<hostname>/C$/Users/victim/Desktop/lsass.DMP'
That's bad ass
Closing this because it's solved now. If errors arise pls let me know in another issue.
In this blog post: https://en.hackndo.com/remote-lsass-dump-passwords/#dump-size
there are code edits that assist in parsing remote files without needing to download them. It would be awesome if Pypykatz had this feature.