sekurlsa::minidump from nanodump output file
yasminenicol opened this issue · comments
i am using nanodump for dumping lsass.exe. everything is ok, but when i get to mimikatz by following command,got error:
mimikatz.exe "sekurlsa::minidump <path/to/dumpfile>" "sekurlsa::logonPasswords full" exit
mimikatz error: ERROR kuhl_m_sekurlsa_acquireLSA ; Memory opening
i use "x64 nanodump ssp dll", and AddSecurityPackage winapi for attaching to lsass
when i was testing all way's, detect that nanodump specified dump file size(default=>report.docx),is different from procmon.exe Full and Mini dump output.
my test:
procmon full = 71 MB ,procmon mini = 1.6 MB
nanodump = 11 MB
The SSP module creates a dump file with an invalid signature by default.
Have you tried to restore the signature using the scripts/restore_signature
?
The SSP module creates a dump file with an invalid signature by default. Have you tried to restore the signature using the
scripts/restore_signature
?
very thanks, I'm not familiar with signatures, this approach solved my problem, thanks :)) @S4ntiagoP
Great!