LSAExplorer is a C# .NET tool designed to interact with the Windows Local Security Authority (LSA), manipulate privileges, impersonate tokens, and access sensitive registry secrets. It provides detailed insights into LSA secrets and allows for privilege elevation for advanced operations.
- LSA Secret Management: Access and retrieve sensitive LSA secrets and their timestamps from the registry.
- Privilege Elevation: Elevate the current process to SYSTEM-level privileges using token manipulation.
- Token Impersonation: Open and duplicate tokens to impersonate logged-on users.
- Registry Secret Access: Interact with and retrieve registry keys under
HKLM\SECURITY\Policy\Secrets. - Winlogon Process Query: Automatically locate the
winlogonprocess ID for SYSTEM impersonation.
-
Clone the repository:
git clone https://github.com/yourusername/LSAExplorer.git cd LSAExplorer -
Open the solution in Visual Studio.
-
Build the project for your target platform (x64/x86).
-
Run the compiled executable with Administrator privileges.
-
Launch the executable with elevated privileges:
LSAExplorer.exe
-
The tool will:
- Attempt to open and query registry keys under
HKLM\SECURITY\Policy\Secrets. - Elevate privileges to SYSTEM if required (optional).
- Read and display LSA secrets, including current and old values along with timestamps.
- Attempt to open and query registry keys under
-
Logs and output will be displayed in the console.
This tool is intended for Ethical and Educational Use Only!
Use it only in environments where you have explicit permission to perform security operations.
The author are not liable for any misuse or damages caused by this tool.
LSAExplorer is released under the MIT License.