Retrieve LAPS password from LDAP
Swissky 41e468fce1
Merge pull request #1 from onSec-fr/main
Fix Args Check & Add Computer filter
2021-02-17 15:31:21 +01:00
.github Fix n°3 - GithubAction 2021-02-16 19:05:41 +01:00
Screenshot README + Usage 2021-02-16 18:48:56 +01:00
SharpLAPS Fix Args Check & Add Computer filter 2021-02-17 15:28:00 +01:00
LICENSE Initial commit 2021-02-16 18:27:42 +01:00
README.md Github Action + Screenshot 2021-02-16 18:55:32 +01:00
SharpLAPS.sln README + Usage 2021-02-16 18:48:56 +01:00

README.md

SharpLAPS

The attribute ms-mcs-AdmPwd stores the clear-text LAPS password.

This executable is designed to run inside a Cobalt Strike session using execute-assembly. It retrieves the LAPS password from Active Directory.

Requires (either):

  • An account with ExtendedRight or GenericAll rights
  • Domain Admin privilege
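
From the defender's side, the same requirement tells you which trustees to look for when reviewing the ACL of a LAPS-managed computer object. The following is an added example, not part of SharpLAPS: it evaluates a constructed ACL and reports which trustees hold GenericAll or an ExtendedRight that covers ms-mcs-AdmPwd. The Ace type, the function names, the trustee names and the attribute GUID are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Access-mask bits used on Active Directory objects
CONTROL_ACCESS = 0x100        # ADS_RIGHT_DS_CONTROL_ACCESS, shown as "ExtendedRight"
READ_PROP = 0x10              # ADS_RIGHT_DS_READ_PROP
GENERIC_ALL = 0xF01FF         # ActiveDirectoryRights.GenericAll
GENERIC_ALL_RAW = 0x10000000  # unmapped GENERIC_ALL bit

# Constructed placeholder; look up the real schemaIDGUID of ms-mcs-AdmPwd in your forest.
ADMPWD_GUID = "00000000-0000-0000-0000-0000000000aa"

@dataclass
class Ace:
    trustee: str
    allow: bool
    mask: int
    object_type: Optional[str] = None  # None: ACE is not scoped to one attribute/right

def laps_read_reason(ace):
    """Return why this ACE exposes the password attribute, or None."""
    if not ace.allow:
        return None  # deny ACEs are not modelled in this example
    if ace.mask & GENERIC_ALL == GENERIC_ALL or ace.mask & GENERIC_ALL_RAW:
        return "GenericAll"
    # The attribute is confidential, so CONTROL_ACCESS is the deciding bit;
    # READ_PROP is assumed to be granted by some other ACE on the object.
    if ace.mask & CONTROL_ACCESS and ace.object_type in (None, ADMPWD_GUID):
        return "ExtendedRight"
    return None

def audit(aces):
    """Map each trustee that can read the password to the granting right."""
    findings = {}
    for ace in aces:
        reason = laps_read_reason(ace)
        if reason:
            findings.setdefault(ace.trustee, reason)
    return findings

# Constructed ACL for one computer object
SAMPLE_ACL = [
    Ace("CORP\\Domain Admins", True, GENERIC_ALL),
    Ace("CORP\\Helpdesk", True, CONTROL_ACCESS),
    Ace("CORP\\LAPS Readers", True, READ_PROP | CONTROL_ACCESS, ADMPWD_GUID),
    Ace("NT AUTHORITY\\Authenticated Users", True, READ_PROP),
    Ace("CORP\\Printer Ops", True, CONTROL_ACCESS, "00000000-0000-0000-0000-0000000000bb"),
    Ace("CORP\\Contractors", False, CONTROL_ACCESS),
]
```

Trustees such as the unscoped Helpdesk entry are the ones to review first, since an "all extended rights" grant exposes the password without naming the attribute.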

Usage

  _____ __                     __    ___    ____  _____
  / ___// /_  ____ __________  / /   /   |  / __ \/ ___/
  \__ \/ __ \/ __ `/ ___/ __ \/ /   / /| | / /_/ /\__ \
 ___/ / / / / /_/ / /  / /_/ / /___/ ___ |/ ____/___/ /
/____/_/ /_/\__,_/_/  / .___/_____/_/  |_/_/    /____/
                     /_/
Required
/host:<1.1.1.1>  LDAP host to target, most likely the DC

Optional
/user:<username> Username of the account
/pass:<password> Password of the account
/out:<file>      Outputting credentials to file
/ssl             Enable SSL (LDAPS://)

Usage: SharpLAPS.exe /user:DOMAIN\User /pass:MyP@ssw0rd123! /host:192.168.1.1

Screenshot
