compressedCredBandit is a modified version of anthemtotheego's proof-of-concept Beacon Object File (BOF). This version does everything the original did and additionally compresses the data to reduce the size of the dump that must be transferred.
See the original project for additional details:
Building the project
cd src
make
Dump to cs console:
Dump to file on remote system:
compressedCredDump [PID] [PATH]
Use the cleanupMiniDump.sh script to clean up the retrieved file, which should be in the root of your teamserver's directory.
- Copy the dumpFile.txt file to a working directory.
- Run the cleanupMiniDump.sh script and specify the path to the dump file.
- Use the decompress Visual Studio project to decompress the dump file.