SharpLAPS - Retrieve LAPS Password From LDAP
The attribute ms-mcs-AdmPwd stores the clear-text LAPS password.
This executable is meant to be run within a Cobalt Strike session using execute-assembly. It retrieves the LAPS password from Active Directory.
Requires (either):
- Account with ExtendedRight or Generic All Rights
- Domain Admin privilege
_____ __ __ ___ ____ _____
/ ___// /_ ____ __________ / / / | / __ \/ ___/
\__ \/ __ \/ __ `/ ___/ __ \/ / / /| | / /_/ /\__ \
___/ / / / / /_/ / / / /_/ / /___/ ___ |/ ____/___/ /
/____/_/ /_/\__,_/_/ / .___/_____/_/ |_/_/ /____/
/_/
Required
/host:<1.1.1.1> LDAP host to target, most likely the DC
Optional
/user:<username> Username of the account
/pass:<password> Password of the account
/out:<file> Outputting credentials to file
/ssl Enable SSL (LDAPS://)
Usage: SharpLAPS.exe /user:DOMAIN\User /pass:MyP@ssw0rd123! /host:192.168.1.1
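For defenders, the requirement list above is the thing to audit. The following added example (not part of SharpLAPS or of the original page) lists which principals hold GenericAll or an ExtendedRight ACE covering ms-Mcs-AdmPwd on computer objects. It assumes the RSAT ActiveDirectory module is available, and `$SearchBase` is a placeholder value.

```powershell
# Added example: audit who can read ms-Mcs-AdmPwd. Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Placeholder search base (assumption): replace with the OU holding LAPS-managed computers.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

# Look up the attribute's schemaIDGUID in this forest's schema instead of hard-coding it.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$attr = Get-ADObject -SearchBase $schemaNC -LDAPFilter '(lDAPDisplayName=ms-Mcs-AdmPwd)' -Properties schemaIDGUID
if (-not $attr) { throw 'ms-Mcs-AdmPwd not found in the schema (LAPS schema extension missing?)' }
$admPwdGuid = [guid]$attr.schemaIDGUID
$anyGuid    = [guid]::Empty   # ACE is not scoped to one property or extended right

$extendedRight = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
$genericAll    = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$inheritOnly   = [System.Security.AccessControl.PropagationFlags]::InheritOnly

$findings = foreach ($computer in (Get-ADComputer -Filter * -SearchBase $SearchBase)) {
    $acl = Get-Acl -Path "AD:\$($computer.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        # Only Allow ACEs that apply to the computer object itself are reported;
        # Deny ACEs are not evaluated here.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (($ace.PropagationFlags -band $inheritOnly) -eq $inheritOnly) { continue }

        $scoped        = ($ace.ObjectType -eq $anyGuid) -or ($ace.ObjectType -eq $admPwdGuid)
        $hasGenericAll = ($ace.ActiveDirectoryRights -band $genericAll) -eq $genericAll
        $hasExtended   = ($ace.ActiveDirectoryRights -band $extendedRight) -eq $extendedRight

        if ($scoped -and ($hasGenericAll -or $hasExtended)) {
            [pscustomobject]@{
                Computer  = $computer.Name
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.ActiveDirectoryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Principals ranked by how many computers' LAPS passwords they can read.
$findings | Group-Object Principal | Sort-Object Count -Descending | Select-Object Count, Name
```

Any principal in the output that is not an intended LAPS reader or a built-in administrative group is a candidate for having the right removed at the OU where the ACE is defined.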
Reviewed by Zion3R on 8:30 AM