dploot

DPAPI looting remotely in Python

dploot is a Python rewrite of SharpDPAPI, written in C# by Harmj0y, which is itself a port of the DPAPI module of Mimikatz by gentilkiwi. It implements all the DPAPI logic of these tools, but this time it is usable from a Python interpreter and from a Linux environment.

Not as a domain administrator

If domain admin privileges have not been obtained (yet), use lsassy to harvest decrypted masterkeys:

lsassy -u Administrator -p 8WA4q0pm 10.10.121.107 -m rdrleakdiag -M masterkeys

Then you can use this masterkey file to loot the targeted computer, for example with the User Triage commands:

Dumping browser (Google Chrome) credentials

Using the same methodology we can also remotely dump browser credentials.

First gather masterkeys as shown above. Then do the following:
