-
Notifications
You must be signed in to change notification settings - Fork 363
dpapi credential command
skelsec edited this page Apr 13, 2021
·
2 revisions
Decrypts a credential file using the (already decrypted) masterkey file.
- standalone file, inside it there is a DPAPI_BLOB.
- DPAPI_BLOB can be decrypted with the corresponding masterkey
- After decryption you'll find a CREDENTIAL_BLOB strucutre.
- CREDENTIAL_BLOB strucutre has the plaintext secrets, but it's not possible to tell in which filed they are stored. You'll need to check them by hand :)
- Decrypted Mastekey file (I hope you haven't forgot to use
-o) - The credential file
None
None
-
pypykatz dpapi credential mkf.json cred: Decrypts the credentials file.