smb live secretsdump command
skelsec edited this page Apr 14, 2021 · 1 revision
Performs lsassdump, regdump and dcsync.
Improvements needed
- A user context that has admin rights on the remote machine. For DCSYNC you will also need getchanges/getchangesall rights.
None
- `host`: Target hostname or IP
- `--json`: Output results in JSON format
- `-g` or `--grep`: Output results in greppable format
- `-k`: Directory to write Kerberos tickets to, in `kirbi` and `CCACHE` format
- `--chunksize`: Specifies the size of each chunk read over SMB for parsing
- `-p`: Specifies which LSASS packages to parse. Default: `all`
- `-o` or `--outfile`: Writes the secrets to the specified file
- `pypykatz live smb secretsdump win2019ad.test.corp`: Performs secretsdump.
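
The DCSYNC prerequisite above can be audited from the defender's side by listing which trustees hold both replication rights on the domain root object. The following is an added example, not part of pypykatz or this wiki: it parses an SDDL string and reports those trustees. The function names, the sample SDDL and its SIDs are constructed for illustration; the two GUIDs are the standard Active Directory control-access-right identifiers for DS-Replication-Get-Changes and DS-Replication-Get-Changes-All.

```python
import re

# Control-access-right GUIDs of the two replication rights DCSYNC needs.
GC = "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"   # DS-Replication-Get-Changes
GCA = "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"  # DS-Replication-Get-Changes-All

def pairs(s):
    """Split an SDDL flags/rights string into its two-letter codes."""
    return {s[i:i + 2] for i in range(0, len(s), 2)}

def has_control_access(rights):
    """True if the mask carries control access (CR, 0x100) or generic all."""
    if rights.lower().startswith("0x"):
        return bool(int(rights, 16) & (0x100 | 0x10000000))
    return bool(pairs(rights) & {"CR", "GA"})

def replication_rights(sddl):
    """Map trustee -> set of replication-right GUIDs granted on this object."""
    granted = {}
    for ace in re.findall(r"\(([^()]*)\)", sddl):
        f = ace.split(";")
        if len(f) < 6 or f[0] not in ("A", "OA"):
            continue  # deny, audit and malformed ACEs grant nothing
        if "IO" in pairs(f[1]) or not has_control_access(f[2]):
            continue  # inherit-only ACEs do not apply to this object
        guid = f[3].lower()
        if guid in ("", GC, GCA):
            # An empty object GUID means all extended rights, so both apply.
            granted.setdefault(f[5], set()).update({guid} if guid else {GC, GCA})
    return granted

def dcsync_capable(sddl):
    """Trustees that hold both rights and so meet the DCSYNC prerequisite."""
    return sorted(t for t, r in replication_rights(sddl).items() if r == {GC, GCA})

# Constructed SDDL for a domain root object; the S-1-5-21 SIDs are made up.
SAMPLE = (
    "O:DAG:DAD:AI"
    f"(OA;;CR;{GC};;ED)(OA;;CR;{GCA};;DD)"
    f"(OA;;CR;{GC};;S-1-5-21-1111-2222-3333-1105)"
    f"(OA;;CR;{GCA};;S-1-5-21-1111-2222-3333-1105)"
    f"(OA;;CR;{GC};;S-1-5-21-1111-2222-3333-1106)"
    f"(OA;CIIO;CR;{GCA};;S-1-5-21-1111-2222-3333-1106)"  # inherit-only
    "(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;BA)"               # all rights incl. CR
    f"S:AI(OU;SA;CR;{GCA};;WD)"                           # audit ACE (SACL)
)

if __name__ == "__main__":
    print(dcsync_capable(SAMPLE))
```

Trustees in the result are often groups, so their membership has to be resolved separately to get the full set of accounts that meet the prerequisite.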