Packages and Binaries:

python3-dploot

Implements all the DPAPI logic of SharpDPAPI and DPAPI, usable with a Python interpreter.

Installed size: 276 KB
How to install: sudo apt install python3-dploot

Dependencies:
  • python3
  • python3-cryptography
  • python3-impacket
  • python3-lxml
  • python3-pyasn1

dploot

root@kali:~# dploot -h
usage: dploot [-h] [-debug] [-quiet]
              {certificates,credentials,masterkeys,vaults,backupkey,rdg,sccm,triage,machinemasterkeys,machinecredentials,machinevaults,machinecertificates,machinetriage,browser,wifi,mobaxterm}
              ...

DPAPI looting remotely in Python. Version 2.7.2

positional arguments:
  {certificates,credentials,masterkeys,vaults,backupkey,rdg,sccm,triage,machinemasterkeys,machinecredentials,machinevaults,machinecertificates,machinetriage,browser,wifi,mobaxterm}
                        Action
    certificates        Dump users certificates from remote target
    credentials         Dump users Credential Manager blob from remote target
    masterkeys          Dump users masterkey from remote target
    vaults              Dump users Vaults blob from remote target
    backupkey           Backup Keys from domain controller
    rdg                 Dump users saved password information for
                        RDCMan.settings from remote target
    sccm                Dump SCCM secrets (NAA, Collection variables, tasks
                        sequences credentials) from remote target
    triage              Loot Masterkeys (if not set), credentials, rdg,
                        certificates, browser and vaults from remote target
    machinemasterkeys   Dump system masterkey from remote target
    machinecredentials  Dump system credentials from remote target
    machinevaults       Dump system vaults from remote target
    machinecertificates
                        Dump system certificates from remote target
    machinetriage       Loot SYSTEM Masterkeys (if not set), SYSTEM
                        credentials, SYSTEM certificates and SYSTEM vaults
                        from remote target
    browser             Dump users credentials and cookies saved in browser
                        from remote target
    wifi                Dump wifi profiles from remote target
    mobaxterm           Dump Passwords and Credentials from MobaXterm

options:
  -h, --help            show this help message and exit
  -debug                Turn DEBUG output ON
  -quiet                Only output dumped credentials

Updated on: 2024-May-28