Skip to main content

Python library to parse remote lsass dumps

Project description

lsassy

PyPI version Twitter

Example

Python library to remotely extract credentials on a set of hosts. This blog post explains how it works.

This library uses impacket project to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.

Chapters Description
Requirements Requirements to install lsassy from source
Installation Installation commands from pip or from source
Documentation Lsassy documentation
CrackMapExec Module Link to CrackMapExec module included in this repository
Issues Read this before creating an issue
Acknowledgments Kudos to these people and tools
Contributors People contributing to this tool

Requirements

Installation

From pip

python3.7 -m pip install lsassy

From sources

python3.7 setup.py install

Documentation

The tool is fully documented in the wiki of this project

CrackMapExec module

I wrote a CrackMapExec module that uses lsassy to extract credentials on compromised hosts

CrackMapExec module is in cme folder : CME Module

ChangeLog

v2.0.0
------
* Multiprocessing support to dump credentials on multiple hosts at a time
* Add new dumping method using "dumpert"
* Can be used as a library in other python projects
* Syntax changed to be more flexible
* Complete code refactoring, way more organized and easy to maintain/extend
* Better error handling
* Complete wiki

v1.1.0
------
* Better execution process : --method flag has been added and described in help text
* Uses random dump name
* Chose between cmd, powershell, dll and/or procdump methods
* CME module is now using light lsassy WMIExec et TASKExec implementation
* Bug fixes

v1.0.0
------
* Built-in lsass dump
** Lsass dump using built-in Windows
** Lsass dump using procdump (using -p parameter)
* Add --dumppath to ask for remote parsing only
* Code refactoring
* Add --quiet to quiet output

v0.2.0
------
* Add BloodHound option to CME module (-o BLOODHOUND=True)
    - Set compromised targets as "owned" in BloodHound
    - Check if compromised users have at least one path to domain admin
* Custom parsing (json, grep, pretty [default])
* New --hashes option to lsassy
* Include CME module in repository
* Add credentials to CME database


v0.1.0
------
First release

Issues

If you find an issue with this tool (that's very plausible !), please

  • Check that you're using the latest version
  • Send as much details as possible.
    • For standalone lsassy, please use maximum verbosity -vv
    • For CME module, please use CrackMapExec --verbose flag

Acknowledgments

  • Impacket
  • SkelSec for Pypykatz, but also for his patience and help
  • mpgn for his help and ideas

Contributors

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lsassy-2.0.4.tar.gz (19.4 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

lsassy-2.0.4-py3-none-any.whl (24.5 kB view details)

Uploaded Python 3

File details

Details for the file lsassy-2.0.4.tar.gz.

File metadata

  • Download URL: lsassy-2.0.4.tar.gz
  • Upload date:
  • Size: 19.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.40.0 CPython/3.7.3

File hashes

Hashes for lsassy-2.0.4.tar.gz
Algorithm Hash digest
SHA256 819743cc07e513dcf4fe9c6f42ec2ed77c8bb830c314ac030c0332e4b9c6c86e
MD5 8338a80cd6baa2c6cbb5d56dc7717e90
BLAKE2b-256 7a1d12f7f47412edf292979d67018701681ba3d3eb9c18f2537f6d38595dfd05

See more details on using hashes here.

File details

Details for the file lsassy-2.0.4-py3-none-any.whl.

File metadata

  • Download URL: lsassy-2.0.4-py3-none-any.whl
  • Upload date:
  • Size: 24.5 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.1.1 pkginfo/1.5.0.1 requests/2.21.0 setuptools/40.8.0 requests-toolbelt/0.9.1 tqdm/4.40.0 CPython/3.7.3

File hashes

Hashes for lsassy-2.0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 febe3463cf13d0a6c842d77549337a539b9b8501916479cf6a80c1e9079d6561
MD5 05ed9c5b5250e48ce4f62a4e46c2841f
BLAKE2b-256 57840ef182100002116998893369d59e8dc4559dacecfe8d8ecff33f9dda1f40

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page