DPAPI Secrets
ABOUT
DPAPI secrets can be any data, for example browser credentials, password manager data, or vault credentials.

LINUX
We'll decrypt the secret with impacket's dpapi tool.
To decrypt a DPAPI secret we need 3 things, and 2 of them are files which we need to obtain:
Masterkey (the filename is a GUID)
DPAPI secret
SID of the user who encrypted it (the directory where the secret is located)
One of the 5 things from the scheme above; I'll use the password as an example.
Decrypting Secret
Decrypting the masterkey with the password's hash and the SID
impacket-dpapi masterkey -file 556a2412-1275-4ccf-b721-e6a0b4f90407 -password 'password123' -sid S-1-5-21-1487982659-1829050783-2281216199-1107
Using the decrypted masterkey to decrypt the secret
impacket-dpapi credential -f C8D69EBE9A43E9DEBF6B5FBD48B521B9 -key 0xd9a570722fbaf7149f9f9d691b0e137b7413c1414c452f9c77d6d8a8ed9efe3ecae990e047debe4ab8cc879e8ba99b31cdb7abad28408d8d9cbfdcaf319e9c84
WINDOWS
For Windows I only used SharpDPAPI for triaging certificates
SharpDPAPI
.\SharpDPAPI.exe triage