Skip to content

erezhazan1/lsassy

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

211 Commits
.github
.github
 
 
assets
assets
 
 
cme
cme
 
 
examples
examples
 
 
lsassy
lsassy
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 

Repository files navigation

lsassy

PyPI version Twitter

Example

Python library to remotely extract credentials on a set of hosts. This blog post explains how it works.

This library uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.

Chapters Description
Requirements Requirements to install lsassy from source
Installation Installation commands from pip or from source
Documentation Lsassy documentation
CrackMapExec Module Link to CrackMapExec module included in this repository
Issues Read this before creating an issue
Acknowledgments Kudos to these people and tools
Contributors People contributing to this tool

Requirements

Installation

From pip

python3.7 -m pip install lsassy

From sources

python3.7 setup.py install

Documentation

The tool is fully documented in the wiki of this project

CrackMapExec module

I wrote a CrackMapExec module that uses lsassy to extract credentials on compromised hosts

CrackMapExec module is in cme folder : CME Module

ChangeLog

v2.0.0
------
* Multiprocessing support to dump credentials on multiple hosts at a time
* Add new dumping method using "dumpert"
* Can be used as a library in other python projects
* Syntax changed to be more flexible
* Complete code refactoring, way more organized and easy to maintain/extend
* Better error handling
* Complete wiki

v1.1.0
------
* Better execution process : --method flag has been added and described in help text
* Uses random dump name
* Chose between cmd, powershell, dll and/or procdump methods
* CME module is now using light lsassy WMIExec et TASKExec implementation
* Bug fixes

v1.0.0
------
* Built-in lsass dump
** Lsass dump using built-in Windows
** Lsass dump using procdump (using -p parameter)
* Add --dumppath to ask for remote parsing only
* Code refactoring
* Add --quiet to quiet output

v0.2.0
------
* Add BloodHound option to CME module (-o BLOODHOUND=True)
    - Set compromised targets as "owned" in BloodHound
    - Check if compromised users have at least one path to domain admin
* Custom parsing (json, grep, pretty [default])
* New --hashes option to lsassy
* Include CME module in repository
* Add credentials to CME database


v0.1.0
------
First release

Issues

If you find an issue with this tool (that's very plausible !), please

  • Check that you're using the latest version
  • Send as much details as possible.
    • For standalone lsassy, please use maximum verbosity -vv
    • For CME module, please use CrackMapExec --verbose flag

Acknowledgments

  • Impacket
  • SkelSec for Pypykatz, but also for his patience and help
  • mpgn for his help and ideas

Contributors

About

Extract credentials from lsass remotely

en.hackndo.com/remote-lsass-dump-passwords/

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • Python 99.3%
  • Makefile 0.7%