Exploit Pack - Documentation
Other features

Last updated 4 days ago

Event Tracing for Windows (ETW)

Event Tracing for Windows (ETW) is a mechanism built into the Windows operating system for tracing and logging events generated by user-mode applications and kernel-mode drivers. It gives developers a versatile set of event tracing features, and much of Windows' security telemetry is delivered through it.

Kernel Pack can disable ETW on the connected target. To do that, open "Events" in the left menu, choose "Disable" from the drop-down menu, and then click "Run command on...".

LSASS Dump

Local Security Authority Subsystem Service (LSASS) is the process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens. It also writes to the Windows Security Log.

3DES keys

In cryptography, Triple DES (3DES or TDES), officially the Triple Data Encryption Algorithm (TDEA or Triple DEA), is a symmetric-key block cipher that applies the DES cipher algorithm three times to each data block. LSASS uses keys of this kind to protect the credential material it keeps in memory, which is why the dump extracts them alongside the credentials.

Dumping credentials from LSASS using Kernel Pack:

  • In Kernel Pack, click the "LSASS Dump" button in the left menu.

  • Select "Extract".

  • Click the button labeled "Run command on [IP Address]", where the IP address corresponds to the connected target.

Kernel Pack will then dump the LSASS memory and attempt to extract credentials and 3DES keys.
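From the defender's side, the access that a dump like this needs (a handle to lsass.exe that permits reading its memory) is what endpoint telemetry such as Sysmon Event ID 10 records. The following detector is an added example, not part of Kernel Pack or this documentation; the event lines, the key=value layout and the allowlist of legitimate source processes are all constructed assumptions.

```python
import re
from typing import Dict, Iterable, List

# Constructed sample records shaped like Sysmon Event ID 10 (ProcessAccess),
# flattened to key=value pairs. They are made-up examples, not real telemetry.
SAMPLE_EVENTS = [
    "EventID=10 SourceImage=C:\\Windows\\System32\\csrss.exe "
    "TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1FFFFF",
    "EventID=10 SourceImage=C:\\Users\\bob\\Downloads\\tool.exe "
    "TargetImage=C:\\Windows\\System32\\lsass.exe GrantedAccess=0x1010",
    "EventID=10 SourceImage=C:\\Windows\\System32\\svchost.exe "
    "TargetImage=C:\\Windows\\System32\\notepad.exe GrantedAccess=0x1000",
    "EventID=1 Image=C:\\Windows\\System32\\cmd.exe",
]

# Reading another process's memory (what a credential dump needs) requires
# the PROCESS_VM_READ bit in the granted access mask.
PROCESS_VM_READ = 0x0010

# Assumed allowlist of system components that legitimately open lsass.exe.
# It is a starting point to tune per environment, not a verified baseline.
ALLOWED_SOURCES = {"csrss.exe", "wininit.exe", "svchost.exe", "msmpeng.exe"}

_KV = re.compile(r"(\w+)=(\S+)")


def parse_event(line: str) -> Dict[str, str]:
    """Turn one flattened key=value record into a dict."""
    return dict(_KV.findall(line))


def basename(path: str) -> str:
    """Last path component, lower-cased, so allowlist matching is case-insensitive."""
    return path.rsplit("\\", 1)[-1].lower()


def detect_lsass_access(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Flag ProcessAccess events in which a non-allowlisted process opens
    lsass.exe with a handle that permits reading its memory."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "10":
            continue
        if basename(ev.get("TargetImage", "")) != "lsass.exe":
            continue
        access = int(ev.get("GrantedAccess", "0"), 16)
        source = basename(ev.get("SourceImage", ""))
        if access & PROCESS_VM_READ and source not in ALLOWED_SOURCES:
            findings.append({"source": ev["SourceImage"], "granted_access": access})
    return findings
```

Because the tool described on this page runs in kernel mode and can disable ETW first, the sensor may never emit the event at all; a host whose telemetry goes quiet is itself worth alerting on, and LSA protection (RunAsPPL) or Credential Guard reduce what a dump can recover.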