SharpLAPS – Retrieve LAPS Password From LDAP

August 5, 2021

SharpLAPS 1 screenshot 799806

The attribute ms-mcs-AdmPwd stores the clear-text LAPS password.

This executable is made to be executed within Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory.

Require (either):

  • Account with ExtendedRight or Generic All Rights
  • Domain Admin privilege

Usage

LDAP host to target, most likely the DC Optional /user:<username> Username of the account /pass:<password> Password of the account /out:<file> Outputting credentials to file /ssl Enable SSL (LDAPS://) Usage: SharpLAPS.exe /user:DOMAINUser /pass:MyP@ssw0rd123! /host:192.168.1.1 “>

  _____ __                     __    ___    ____  _____
  / ___// /_  ____ __________  / /   /   |  / __ / ___/
  __ / __ / __ `/ ___/ __ / /   / /| | / /_/ /__ 
 ___/ / / / / /_/ / /  / /_/ / /___/ ___ |/ ____/___/ /
/____/_/ /_/__,_/_/  / .___/_____/_/  |_/_/    /____/
                     /_/
Required
/host:<1.1.1.1>  LDAP host to target, most likely the DC

Optional
/user:<username> Username of the account
/pass:<password> Password of the account
/out:<file>      Outputting credentials to file
/ssl             Enable SSL (LDAPS://)

Usage: SharpLAPS.exe /user:DOMAINUser /pass:MyP@ssw0rd123! /host:192.168.1.1

Download SharpLAPS

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

news

Microsoft Addresses Four Critical Zero-Days in November Patch Tuesday Updates

November 14, 2024
news

AI Threat Worsening in 2025: Insights from Google Cloud

November 14, 2024
news

Lazarus Group’s Code Smuggling Technique Exploits Extended Attributes in macOS

November 14, 2024
news

Ethical Hacker or Not? Amazon MOVEit Leaker’s Controversial Claims

November 14, 2024
news

Hive0145 Targets Europe with Sophisticated Strela Stealer Campaigns

November 14, 2024