RepoMirrors
/
DonPAPI
mirror of https://github.com/login-securite/DonPAPI
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixing typos

This commit is contained in:
Login Securite 2021-11-18 10:59:43 +01:00 committed by GitHub
parent e4f3c9be09
commit 01ad18dcf1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
readme.md
View File

@ -6,7 +6,7 @@ Dumping revelant information on compromised targets without AV detection
## DPAPI dumping
Lots of credentials are protected by [DPAPI](https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-use-data-protection).
We aim at locating those "secured" credentials, and retreive them using :
We aim at locating those "secured" credentials, and retrieve them using :
- User password
- Domaine DPAPI BackupKey
- Local machine DPAPI Key (protecting `TaskScheduled` blob)
@ -84,10 +84,10 @@ DonPAPI.py -credz credz_file.txt domain/user:passw0rd@target
When a domain admin user is available, it is possible to dump the domain backup key using impacket `dpapi.py` tool.
```bash
dpapi.py backupkey --export
dpapi.py backupkeys --export -t domain/user:passw0rd@target_dc_ip
```
This backup key can then be used to dump all domain user's secrets!
This backup key (pvk file) can then be used to dump all domain user's secrets!
`python DonPAPI.py -pvk domain_backupkey.pvk domain/user:passw0rd@domain_network_list`