Reader small image

You're reading from  Pentesting Active Directory and Windows-based Infrastructure

Product typeBook
Published inNov 2023
PublisherPackt
ISBN-139781804611364
Edition1st Edition
Concepts
Right arrow
Author (1)
Denis Isakov
Denis Isakov
author image
Denis Isakov

Denis Isakov is a passionate security professional with 10+ years of experience ranging from incident response to penetration testing. He worked in various industries, including banking and consultancy. Denis is specialized in offensive security with particular focus on Active Directory and adversary malware. He has earned a Master's degree in Information Systems and Technologies in 2012. Additionally, Denis has achieved an array of industry certifications ranging from OSCP to GXPN. Outside of computers, Denis enjoys sports and discovering new places.
Read more about Denis Isakov

Right arrow

Dumping user credentials in clear text via DPAPI

Let us go through a scenario. Following internal security policies and after security awareness training, users started using Credential Manager in Windows instead of password.txt files. Credential Manager is a built-in password manager in Windows that uses the Data Protection API (DPAPI). DPAPI allows programs, such as Chrome or RDP, to store sensitive data transparently. This data is stored in a user’s directory and is encrypted by a key that is derived from the user’s password. Our target user, khal.drogo, had credentials in their Credential Manager for SQL system administrator (SA) account. An adversary has compromised the user with domain admin privileges and intends to pull the sa password in clear text. There are three attack scenarios:

  • Obtain khal.drogo’s master key and then decrypt
  • Extract all local master keys if you have local administrator privileges
  • Extract all backup master keys with...
lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
Pentesting Active Directory and Windows-based Infrastructure
Published in: Nov 2023Publisher: PacktISBN-13: 9781804611364

Author (1)

author image
Denis Isakov

Denis Isakov is a passionate security professional with 10+ years of experience ranging from incident response to penetration testing. He worked in various industries, including banking and consultancy. Denis is specialized in offensive security with particular focus on Active Directory and adversary malware. He has earned a Master's degree in Information Systems and Technologies in 2012. Additionally, Denis has achieved an array of industry certifications ranging from OSCP to GXPN. Outside of computers, Denis enjoys sports and discovering new places.
Read more about Denis Isakov