Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/alfarom256/BOF-ForeignLsass
https://github.com/alfarom256/BOF-ForeignLsass
Last synced: 21 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/alfarom256/BOF-ForeignLsass
- Owner: alfarom256
- Created: 2021-08-21T00:19:29.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2021-08-23T16:57:08.000Z (over 3 years ago)
- Last Synced: 2024-08-05T17:25:07.144Z (4 months ago)
- Language: C
- Size: 14.6 KB
- Stars: 96
- Watchers: 2
- Forks: 25
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - alfarom256/BOF-ForeignLsass - (C)
README
### LSASS Dumping With Foreign Handles
You must be admin or system, blah blah blah.
This entire thing is predicated on another process having an open handle to LSASS, and you being able to open a handle to that process and duplicate their lsass' handle.
build with:
```
x86_64-w64-mingw32-gcc -c foreign_lsass.c -o foreign_lsass.x64.o
i686-w64-mingw32-gcc -c foreign_lsass.c -o foreign_lsass.x86.o
```
Sources:
ngl please don't judge my old (and current) awful code
https://github.com/alfarom256/lsassdump
https://skelsec.medium.com/duping-av-with-handles-537ef985eb03