SharpLAPS – Retrieve LAPS Password From LDAP

August 5, 2021

SharpLAPS 1 screenshot 799806

The attribute ms-mcs-AdmPwd stores the clear-text LAPS password.

This executable is made to be executed within Cobalt Strike session using execute-assembly. It will retrieve the LAPS password from the Active Directory.

Require (either):

  • Account with ExtendedRight or Generic All Rights
  • Domain Admin privilege

Usage

LDAP host to target, most likely the DC Optional /user:<username> Username of the account /pass:<password> Password of the account /out:<file> Outputting credentials to file /ssl Enable SSL (LDAPS://) Usage: SharpLAPS.exe /user:DOMAINUser /pass:MyP@ssw0rd123! /host:192.168.1.1 “>

  _____ __                     __    ___    ____  _____
  / ___// /_  ____ __________  / /   /   |  / __ / ___/
  __ / __ / __ `/ ___/ __ / /   / /| | / /_/ /__ 
 ___/ / / / / /_/ / /  / /_/ / /___/ ___ |/ ____/___/ /
/____/_/ /_/__,_/_/  / .___/_____/_/  |_/_/    /____/
                     /_/
Required
/host:<1.1.1.1>  LDAP host to target, most likely the DC

Optional
/user:<username> Username of the account
/pass:<password> Password of the account
/out:<file>      Outputting credentials to file
/ssl             Enable SSL (LDAPS://)

Usage: SharpLAPS.exe /user:DOMAINUser /pass:MyP@ssw0rd123! /host:192.168.1.1

Download SharpLAPS

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source

You may have missed

CISA Logo

CISA: Foreign Threat Actor Conducting Large-Scale Spearphishing Campaign with RDP Attachments

November 22, 2024
image

[RANSOMHUB] – Ransomware Victim: blr[.]com

November 22, 2024
hackerone

HackerOne Bug Bounty Disclosure: std-process-command-batch-files-argument-escaping-could-be-bypassed-with-trailing-whitespace-or-periods–xpl-r-r

November 22, 2024
image

[LOCKBIT3] – Ransomware Victim: madison-home[.]com

November 22, 2024
image

[CHORT] – Ransomware Victim: sheboyganwi[.]gov

November 22, 2024