create 🛠️
Last updated
Last updated
dpapi::create creates a DPAPI Masterkey file from raw key and metadata. It comes in handy when you want to decrypt a victim's DPAPI secrets locally in your machine. CoreSecurity has published a on how you can clone the Google Chrome Victim's session and decrypt it from your own box. Benjamin has also how you can recreate masterkeys on your own machine to steal browser sessions and bypass 2FA. It has the following command line arguments:
/sid: the Security Identifier of the target user
/md4: the MD4 key
/key: The masterkey. It can be obtained through ``
/sha1: the SHA1 key. It can be obtained through ``
/hash: the SHA1 hash of YOUR password when porting the victim's DPAPI files to your system
/dpapi: TODO 🛠️
/guid: the user's GUID. it can be obtained through . it is also the szGuid output value of the dpapi::masterkey in:"C:\Users<UserName>\AppData\Roaming\Microsoft\Protect\SID\MasterKey_ID" /rpc
/system: the DPAPI_SYSTEM key. It can be found through
/password: This is YOUR password when porting the victim's DPAPI files to your system
/protected: it defines the user account as a protected one