adding hekatomb project to DPAPI

adding Hekatomb project to DPAPI section to automates credentials extraction and decryption using LDAP computers and users and domain controller private key.
This commit is contained in:
Processus Thief 2022-09-18 13:34:31 +02:00
parent 1f921f68b9
commit 07f5eb28e6
2 changed files with 12 additions and 0 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 60 KiB

View file

@ -173,6 +173,18 @@ dpapi::chrome /in:"c:\users\spotless.offense\appdata\local\Google\Chrome\User Da
You can find an example of how to encrypt and decrypt data with DAPI using mimikatz and C++ in [https://www.ired.team/offensive-security/credential-access-and-credential-dumping/reading-dpapi-encrypted-secrets-with-mimikatz-and-c++](https://www.ired.team/offensive-security/credential-access-and-credential-dumping/reading-dpapi-encrypted-secrets-with-mimikatz-and-c++#using-dpapis-to-encrypt-decrypt-data-in-c)\
You can find an example on how to encrypt and decrypt data with DPAPI using C# in [https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-use-data-protection](https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-use-data-protection)
## HEKATOMB
[**HEKATOMB**](https://github.com/Processus-Thief/HEKATOMB) is a tool that automates the extraction of all users and computers from the LDAP directory and the extraction of domain controller backup key through RPC. The script will then resolve all computers ip address and perform a smbclient on all computers to retrieve all DPAPI blobs of all users and decrypt everything with domain backup key.
```python3 hekatomb.py -hashes :ed0052e5a66b1c8e942cc9481a50d56 DOMAIN.local/administrator@10.0.0.1 -debug -dnstcp```
With extracted from LDAP computers list you can find every sub network even if you didn't know them !
"Because Domain Admin rights are not enough. Hack them all."
![](<../../.gitbook/assets/HEKATOMB.png>)
## DonPAPI
[**DonPAPI**](https://github.com/login-securite/DonPAPI) can dump secrets protected by DPAPI automatically.