Skip to content

smb secretsdump command

Jump to bottom
skelsec edited this page Apr 13, 2021 · 1 revision

What it does

performs lsassdump, regdump and dcsync

Remarks

Improvements needed

Requirements

  • A working SMB connection URL with a user that has admin right to the remote machine, for DCSYNC you will need getchanges/getchangesall rights as well.

Subcommands

None

Switches

  • url: SMB connection URL. Please consult the Connection URL section
  • --json : Output results in JSON format
  • -g or --grep : Output results in greppable format
  • -k : Kerberos directory to write tickets there in kirbi and CCACHE format
  • --chunksize: Specifies how large each chunk should be read over SMB for the parsing
  • -p : Specifies which LSASS packages to parse. Default: all
  • -o or --outfile : Writes the secrets to the specified file

Examples

  • pypykatz smb secretsdump 'smb2+ntlm-password://TEST\Administrator:[email protected]': Performs secretsdump.

Home

Live commands

Platform-independent commands

ConnectionURL

Clone this wiki locally