Forum Thread: How to Do a Procdump of Lsass Without Admin Rights


I've looked around to find a way to do a procdump of lsass without having admin rights, but so far nothing's come up... Does anyone know how to do it?


2 Responses

lsass is a core SYSTEM-level process used by the OS; this means that if you want any kind of access to it, you'll need to have the correct access token privileges. The only way you can get that access level without administrative privileges is either through some kind of privilege exploitation which gets you those privileges or through an existing ring0 rootkit on the system (which also has those same privileges). If you had done your research, you should already know this by now.

Thanks, I would do that, but the tools, how do I install them?
