SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
Latest commit d4c8d39 Aug 22, 2018

SharpDPAPI


SharpDPAPI is a C# port of the DPAPI backup key retrieval logic (lsadump::backupkeys) from @gentilkiwi's Mimikatz project.

I did not come up with this logic; it is simply a port from Mimikatz in order to better understand the process.

You will need administrative rights on the domain controller you're attempting to retrieve the DPAPI backup key for.

@harmj0y is the primary author of this port.

SharpDPAPI is licensed under the BSD 3-Clause license.

Usage

Retrieve the DPAPI backup key for the current DC:

C:\Temp>SharpDPAPI.exe backupkey

  [*] Current domain controller    : PRIMARY.testlab.local
  [*] Preferred backupkey Guid     : 32d021e7-ab1c-4877-af06-80473ca3e4d8
  [*] Full preferred backupKeyName : G$BCKUPKEY_32d021e7-ab1c-4877-af06-80473ca3e4d8
  [*] Key :
            HvG1sAAAAAABAAAAAAAAAAAA...

This base64 key blob can be decoded to a binary .pvk file, which can then be used with Mimikatz' dpapi::masterkey /in: /pvk:backupkey.pvk module.
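The key blob printed above is a base64-encoded PVK file, so it starts with the PVK signature. The following is an added example, not part of SharpDPAPI or Mimikatz: it finds such blobs in captured console output or logs (for instance when checking transcripts for exposed backup keys) and parses whatever part of the 24-byte PVK header is present. The function names are hypothetical, and the sample input is the truncated output shown above.

```python
import base64
import re
import struct

PVK_MAGIC = 0xB0B5F11E  # PVK file signature, stored little-endian on disk
FIELDS = ("magic", "reserved", "keytype", "encrypted", "saltlen", "keylen")
KEYTYPES = {1: "AT_KEYEXCHANGE", 2: "AT_SIGNATURE"}
# Base64 of the magic bytes 1E F1 B5 B0 always begins with "HvG1s".
B64_RUN = re.compile(r"HvG1s[A-Za-z0-9+/]*={0,2}")


def parse_pvk_header(b64_text):
    """Decode a (possibly truncated) base64 PVK blob and return the header
    fields that are fully present. Raises ValueError if it is not a PVK."""
    clean = re.sub(r"[^A-Za-z0-9+/]", "", b64_text)  # drop "...", "=", whitespace
    clean = clean[: len(clean) - len(clean) % 4]     # keep whole 4-char groups
    raw = base64.b64decode(clean)
    if len(raw) < 4 or struct.unpack_from("<I", raw)[0] != PVK_MAGIC:
        raise ValueError("not a PVK blob")
    count = min(len(raw) // 4, len(FIELDS))          # whole DWORDs available
    header = dict(zip(FIELDS, struct.unpack_from("<%dI" % count, raw)))
    if "keytype" in header:
        header["keytype_name"] = KEYTYPES.get(header["keytype"], "unknown")
    return header


def find_pvk_blobs(text):
    """Return (offset, header) for each base64 run in text that parses as PVK."""
    hits = []
    for match in B64_RUN.finditer(text):
        try:
            hits.append((match.start(), parse_pvk_header(match.group())))
        except ValueError:
            continue  # right prefix, wrong magic: ignore
    return hits


# Sample input: the truncated console output shown in this README.
SAMPLE = "  [*] Key :\n            HvG1sAAAAAABAAAAAAAAAAAA...\n"

if __name__ == "__main__":
    for offset, header in find_pvk_blobs(SAMPLE):
        print(offset, header)
```

Because the blob in the sample output is truncated, only the leading header fields are returned for it; a complete blob also yields saltlen and keylen.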

Retrieve the DPAPI backup key for the specified DC, output to a file:

C:\Temp>SharpDPAPI.exe backupkey server=primary.testlab.local file=backupkey.pvk

  [*] Using server                 : primary.testlab.local
  [*] Preferred backupkey Guid     : 32d021e7-ab1c-4877-af06-80473ca3e4d8
  [*] Full preferred backupKeyName : G$BCKUPKEY_32d021e7-ab1c-4877-af06-80473ca3e4d8
  [*] Backup key written to        : backupkey.pvk

Compile Instructions

We are not planning on releasing binaries for SharpDPAPI, so you will have to compile it yourself :)

SharpDPAPI has been built against .NET 3.5 and is compatible with Visual Studio 2015 Community Edition. Simply open up the project .sln, choose "release", and build.