Overview
Display the current logon session identifier (LUID) for the active process. This utility command helps identify the current session context for targeting ticket operations and session management.Syntax
Examples
LUID Information
Logon Session Identifier
Logon Session Identifier
LUID Characteristics:
- Unique identifier for each logon session
- Assigned by Local Security Authority (LSA)
- Hexadecimal format (e.g., 0x12345)
- Used for session-specific operations
- Interactive logons (user desktop sessions)
- Network logons (remote authentication)
- Service logons (service account sessions)
- System sessions (SYSTEM account)
Use Cases
Session Identification
Session Identification
Operational Context:
- Identify current session for ticket operations
- Target specific sessions for credential extraction
- Understand session context for privilege operations
- Plan cross-session ticket injection
- Use LUID for targeted dump operations
- Specify session for ticket injection
- Identify sessions for monitoring
- Plan session-specific operations
Integration Workflows
Session-Aware Operations
Session-Aware Operations
Complete Workflow:
Session Analysis
Session Analysis
Multi-Session Operations:
Session Context
Session Information
Session Information
LUID Significance:
- Each logon creates unique LUID
- Sessions maintain separate credential caches
- Cross-session operations require elevation
- LUID persists for session lifetime
- 0x3e7: SYSTEM session
- 0x3e4: LOCAL SERVICE session
- 0x3e5: NETWORK SERVICE session
- Higher values: User sessions
Related Commands
logonsession- Enumerate all logon sessionsdump- Extract tickets from specific LUIDptt- Inject tickets into specific LUIDklist- List tickets for specific LUID