Dump DPAPI
Dump DPAPI credentials using NetExec
You can dump DPAPI credentials using NetExec using the following option: --dpapi
. It will get all secrets from Credential Manager, Chrome, Edge, Firefox. --dpapi
supports the following options :
cookies : Collect every cookies in browsers
nosystem : Won't collect system credentials. This will prevent EDR from stopping you from looting passwords 🔥
You need at least local admin privilege on the remote target, use --local-auth if your user is a local account
Last updated