-
Notifications
You must be signed in to change notification settings - Fork 365
gppass
skelsec edited this page Apr 12, 2021
·
2 revisions
Decrypts the cpassword value which can be found in some GPO files. Just a helper utility really.
Found it useful on some security assessments.
You will have to find the encrypted password first. These can be located on the domain controller file share (accessible by everyone) or cached on a domain-joined machine.
None
None
-
pypykatz gppass <base64_enc_password>: Decrypts the <base64_enc_password>