-
Notifications
You must be signed in to change notification settings - Fork 384
smb lsassfile command
skelsec edited this page Apr 13, 2021
·
1 revision
Parses a remote LSASS dump file over SMB
None
A working SMB connection URL which denotes the LSASS dump file's location
None
-
url: SMB connection URL with the LSASS file's path. Please consult theConnection URLsection -
--json: Output results in JSON format -
-gor--grep: Output results in greppable format -
-k: Kerberos directory to write tickets there inkirbiandCCACHEformat -
--chunksize: Specifies how large each chunk should be read over SMB for the parsing -
-p: Specifies which LSASS packages to parse. Default:all
-
pypykatz smb lsassfile 'smb2+ntlm-password://TEST\Administrator:[email protected]/C$/Users/victim/Desktop/lsass.DMP': Parses the LSASS file and outputs the results to console.