NetExec GithubNetexec Lab
Edit

Dump LSA

Dump LSA secrets

Extracts and downloads SECURITY registry hive, and uses secretsdump.py methods locally to dump secrets

You need at least local admin privilege on the remote target, use option --local-auth if your user is a local account

nxc winrm 192.168.1.0/24 -u UserName -p 'PASSWORDHERE' --lsa
PreviousDump SAMNextDump DPAPI

Last updated

Was this helpful?