Tool That Extracts Windows Logon Credentials & Dumps Info Without Touching Disk

lsassy - Python library to remotely extract credentials.

The way Windows is designed, when it stores passwords, it uses lsass.exe, which is the Local Security Authority Subsystem Service.

  • So, when you go to your taskbar, and find the process, creating a dump file from it, saving it, contains logon credentials inside. There are various tools like the ones we posted about mimikaktz, you could use it on that dump file, sekurlsa:logonpasswords, will dump the password in plain text.

This technique is used in post exploitation, but using mimikatz touches disk, and sometimes hackers want to be as silent as possible, and know that from before, depending on the setup of the target machine, therefore lsassy by HacknDo is a tool that extracts and dumps this info Without touching disk, directly from the memory, using advanced and different ways like procdump, comsvsc.sll, crackmapexec, and extracting credentials from lsass remotely.

Blog post : https://en.hackndo.com/remote-lsass-dump-passwords/

This library uses impacket projects to remotely read necessary bytes in lsass dump and pypykatz to extract credentials.

GitHub Link: https://github.com/blackhatethicalhacking/lsassy

8 Likes