{"id":11565,"date":"2020-09-30T21:05:22","date_gmt":"2020-09-30T15:35:22","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=11565"},"modified":"2020-09-30T21:05:22","modified_gmt":"2020-09-30T15:35:22","slug":"sharpsecdump","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/sharpsecdump\/","title":{"rendered":"SharpSecDump : .Net Port Of The Remote SAM + LSA Secrets Dumping"},"content":{"rendered":"\n<p><strong>SharpSecDump<\/strong> is a .Net port of the remote SAM + LSA Secrets dumping functionality of impacket&#8217;s secretsdump.py. By default it runs in the context of the current user. Please only use in environments you own or have permission to test against.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Usage<\/strong><\/p>\n\n\n\n<p class=\"has-vivid-green-cyan-color has-black-background-color has-text-color has-background\"><code><strong>SharpSecDump.exe -target=192.168.1.15 -u=admin -p=Password123 -d=test.local<\/strong><\/code><\/p>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Required Flags<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>-target<\/strong> &#8211; Comma-separated list of IPs \/ hostnames to scan. Please don&#8217;t include spaces between addresses. It can also dump hashes on the local system by setting target to 127.0.0.1.<\/li><\/ul>\n\n\n\n<p class=\"has-light-green-cyan-background-color has-background\"><strong>Optional Flags<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>-u<\/strong> &#8211; Username to use, if you want to use alternate credentials to run. Must use with -p and -d flags<\/li><li><strong>-p<\/strong> &#8211; Plaintext password to use, if you want to use alternate credentials to run. Must use with -u and -d flags<\/li><li><strong>-d<\/strong> &#8211; Domain to use, if you want to use alternate credentials to run (. for local domain). 
Must use with -u and -p flags<\/li><li><strong>-threads<\/strong> &#8211; Threads to use to concurrently enumerate multiple remote hosts (Default: 10)<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Notes<\/strong><\/p>\n\n\n\n<p>The project has been tested against Windows 7, 10, Server 2012, and Server 2016. Older versions (Windows 2003 \/ XP) may not work with this tool.<\/p>\n\n\n\n<p>By default, if you&#8217;re attempting to dump hives from your local system, you&#8217;ll need to be running from a high-integrity context. However, this is not necessary when targeting remote systems.<\/p>\n\n\n\n<p>This currently supports SAM + SECURITY registry hive dumping to retrieve cached credential data. However, it does not support NTDS.dit parsing \/ dcsync yet. If you&#8217;re looking for dcsync functionality in a .Net project I recommend <a href=\"https:\/\/github.com\/b4rtik\/SharpKatz\">sharpkatz<\/a>.<\/p>\n\n\n\n<p>If a system is configured to disallow RPC over TCP (RPC over named pipe is required &#8212; this is not a default setting), there is a 21s delay before Windows falls back to RPC\/NP, but the connection is still allowed. This appears to be a limitation of using API calls that leverage the SCManager to remotely bind to services.<\/p>\n\n\n\n<p class=\"has-text-align-center has-vivid-green-cyan-background-color has-background\"><strong>Credits<\/strong><\/p>\n\n\n\n<p>This code is a port of functionality from <a href=\"https:\/\/github.com\/SecureAuthCorp\/impacket\">impacket<\/a> by <a href=\"https:\/\/twitter.com\/agsolino\">@agsolino<\/a> and <a href=\"https:\/\/github.com\/skelsec\/pypykatz\">pypykatz<\/a> by <a href=\"https:\/\/twitter.com\/SkelSec\">@skelsec<\/a>. 
All credit goes to them for the original steps to parse and decrypt info from the registry hives.<\/p>\n\n\n\n<p>The registry hive structures used are from <a href=\"https:\/\/github.com\/brandonprry\/gray_hat_csharp_code\">gray_hat_csharp_code<\/a> by <a href=\"https:\/\/twitter.com\/BrandonPrry\">@BrandonPrry<\/a>.<\/p>\n\n\n\n<p>Finally, the original idea for the script was based on a partial port I was working on of <a href=\"https:\/\/github.com\/darkoperator\/Posh-SecMod\">Posh_SecModule<\/a> by <a href=\"https:\/\/twitter.com\/Carlos_Perez\">@Carlos_Perez<\/a>, a good chunk of initial SAM parsing code came from that project.<\/p>\n\n\n\n<div class=\"wp-block-buttons aligncenter is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-vivid-cyan-blue-background-color has-background\" href=\"https:\/\/github.com\/G0ldenGunSec\/SharpSecDump\" target=\"_blank\" rel=\"noreferrer noopener\"><strong>Download<\/strong><\/a><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>SharpSecDump is a .Net port of the remote SAM + LSA Secrets dumping functionality of impacket&#8217;s secretsdump.py. By default runs in the context of the current user. Please only use in environments you own or have permission to test against. 
Usage SharpSecDump.exe -target=192.168.1.15 -u=admin -p=Password123 -d=test.local Required Flags -target &#8211; Comma separated list of IP&#8217;s [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16540,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","categories":[28],"tags":[50,1948,2926,3067],"yoast_head_json":{"canonical":"https:\/\/kalilinuxtutorials.com\/sharpsecdump\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2020-09-30T15:35:22+00:00","author":"R K"}}