DPAPI
Require Local admin privileges or DA privs
The Data Protection Application Programming Interface or DPAPI is a set of APIs in Windows operating systems used to encrypt and decrypt DPAPI data blobs on a per-user basis for Windows OS features and various third-party applications. Here are just a few examples of applications that use DPAPI and what they use it for:
Applications | Use of DPAPI |
---|---|
| Password form auto-completion data (username and password for saved sites). |
| Password form auto-completion data (username and password for saved sites). |
| Passwords for email accounts. |
| Saved credentials for connections to remote machines. |
| Saved credentials for accessing shared resources, joining Wireless networks, VPNs and more. |
Tools
dploot
Donpapi
exegol-CPTS /workspace # DonPAPI "$DOMAIN"/"$USER":"$PASSWORD"@"$TARGET"
Netexec - CME
NetExec - CMELast updated