mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-16 01:38:20 +00:00
Merge pull request #503 from Processus-Thief/master
adding hekatomb project to DPAPI
This commit is contained in:
commit
269ac0e9a5
2 changed files with 12 additions and 0 deletions
BIN
.gitbook/assets/HEKATOMB.PNG
Normal file
BIN
.gitbook/assets/HEKATOMB.PNG
Normal file
Binary file not shown.
After Width: | Height: | Size: 60 KiB |
|
@ -173,6 +173,18 @@ dpapi::chrome /in:"c:\users\spotless.offense\appdata\local\Google\Chrome\User Da
|
|||
You can find an example of how to encrypt and decrypt data with DAPI using mimikatz and C++ in [https://www.ired.team/offensive-security/credential-access-and-credential-dumping/reading-dpapi-encrypted-secrets-with-mimikatz-and-c++](https://www.ired.team/offensive-security/credential-access-and-credential-dumping/reading-dpapi-encrypted-secrets-with-mimikatz-and-c++#using-dpapis-to-encrypt-decrypt-data-in-c)\
|
||||
You can find an example on how to encrypt and decrypt data with DPAPI using C# in [https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-use-data-protection](https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-use-data-protection)
|
||||
|
||||
## HEKATOMB
|
||||
|
||||
[**HEKATOMB**](https://github.com/Processus-Thief/HEKATOMB) is a tool that automates the extraction of all users and computers from the LDAP directory and the extraction of domain controller backup key through RPC. The script will then resolve all computers ip address and perform a smbclient on all computers to retrieve all DPAPI blobs of all users and decrypt everything with domain backup key.
|
||||
|
||||
```python3 hekatomb.py -hashes :ed0052e5a66b1c8e942cc9481a50d56 DOMAIN.local/administrator@10.0.0.1 -debug -dnstcp```
|
||||
|
||||
With extracted from LDAP computers list you can find every sub network even if you didn't know them !
|
||||
|
||||
"Because Domain Admin rights are not enough. Hack them all."
|
||||
|
||||
![](<../../.gitbook/assets/HEKATOMB.png>)
|
||||
|
||||
## DonPAPI
|
||||
|
||||
[**DonPAPI**](https://github.com/login-securite/DonPAPI) can dump secrets protected by DPAPI automatically.
|
||||
|
|
Loading…
Reference in a new issue