Python library to parse remote lsass dumps
lsassy
Python library to remotely extract credentials from a set of hosts. This blog post explains how it works.
This library uses the impacket project to remotely read the necessary bytes of the lsass dump, and pypykatz to extract credentials from them.
| Chapters | Description |
|---|---|
| Requirements | Requirements to install lsassy from source |
| Documentation | Lsassy documentation |
| CrackMapExec Module | Link to the CrackMapExec module included in this repository |
| Issues | Read this before creating an issue |
| Acknowledgments | Kudos to these people and tools |
| Contributors | People contributing to this tool |
Requirements
- Python >= 3.6
Documentation
The tool is fully documented in the project's wiki.
Installation
Standalone
Library
CrackMapExec module
CrackMapExec module
I wrote a CrackMapExec module that uses lsassy to extract credentials on compromised hosts.
The CrackMapExec module is in the cme folder: CME Module
Issues
If you find an issue with this tool (that's very plausible!), please
- Check that you're using the latest version
- Send as many details as possible.
  - For standalone lsassy, please use maximum verbosity (`-vv`)
  - For the CME module, please use the CrackMapExec `--verbose` flag
Changelog
v2.1.0
------
* Kerberos authentication support (Thank you laxa for PR)
* Add CME module for python3
* Update bloodhound queries for BloodHound3
* Bug fixes
v2.0.0
------
* Multiprocessing support to dump credentials on multiple hosts at a time
* Add new dumping method using "dumpert"
* Can be used as a library in other python projects
* Syntax changed to be more flexible
* Complete code refactoring, way more organized and easy to maintain/extend
* Better error handling
* Complete wiki
v1.1.0
------
* Better execution process: the --method flag has been added and is described in the help text
* Uses random dump name
* Choose between cmd, powershell, dll and/or procdump methods
* CME module now uses lsassy's lightweight WMIExec and TASKExec implementation
* Bug fixes
v1.0.0
------
* Built-in lsass dump
  - Lsass dump using built-in Windows
  - Lsass dump using procdump (using -p parameter)
* Add --dumppath to ask for remote parsing only
* Code refactoring
* Add --quiet to quiet output
v0.2.0
------
* Add BloodHound option to CME module (-o BLOODHOUND=True)
- Set compromised targets as "owned" in BloodHound
- Check if compromised users have at least one path to domain admin
* Custom parsing (json, grep, pretty [default])
* New --hashes option to lsassy
* Include CME module in repository
* Add credentials to CME database
v0.1.0
------
First release
Acknowledgments
Contributors
Source Distribution: lsassy-2.1.1.tar.gz (20.6 kB)
Built Distribution: lsassy-2.1.1-py3-none-any.whl (25.7 kB)