dpapi::wwman decrypts Wwan credentials. It has the following command line argument:
dpapi::wwman
/in: The Wwan XML profile. The XML file location is C:\ProgramData\Microsoft\Wlansvc\Profiles{interface guid}\*.xml
/in
C:\ProgramData\Microsoft\Wlansvc\Profiles{interface guid}\*.xml
/password: the password to decrypt the wwan credentials
/password
/masterkey: the masterkey to use for decryption. It can be obtained through sekurlsa::dpapiarrow-up-right.
/masterkey
sekurlsa::dpapi
/unprotect: display the decryption results on screen
/unprotect
mimikatz# dpapi::wwan /in:"C:\ProgramData\Microsoft\Wlansvc\Profiles{interface guid}\*.xml" /unprotect
Last updated 4 years ago
