@podalirius_ and I made GPP Passwords great again. We wrote a Python script, using Impacket, to find and decrypt passwords in Group Policy Preferences, without having to mount the remote share 👇[a thread]

➡️ github.com/SecureAuthCorp…
The script can be directly added to Impacket's examples (like in the PR above) but it can also be run as a standalone tool (clone the repo below)

github.com/ShutdownRepo/G…
Just like all other Impacket examples, the logging is color-less and it can be quite a mess (with the -debug option)

However, grc (github.com/garabik/grc) can bring colors to the output
Exegol (github.com/ShutdownRepo/E…) offers some grc configurations that are reeeeeally useful for tools like ntlmrelayx, secretsdump, and now Get-GPPPassword
Oh by the way, since Get-GPPPassword is based on Impacket, it can pass-the-hash, pass-the-key, pass-the-ticket and overpass-the-hash 💪
Want to learn about this (almost) 10-year-old technique? Read the following: thehacker.recipes/active-directo…

More from @_nwodtuhs

22 Apr
(infosec thread) one of my latest tweets was followed by some questions in my DMs. So let's answer those here and remind some concepts😈

I'll talk about pass-the-hash, pass-the-ticket, pass-the-key, overpass-the-hash, pass-the-cache, silver and golden tickets 👇
Pass-the-Hash (1/4) : NTLM (LM, LMv2, NTLM or NTLMv2 depending on the version) is an authentication protocol used by Windows and AD-DS. Users have passwords, which are stored in a hashed format (LM or NT hash depending on the security settings and version).
Pass-the-Hash (2/4) : when authenticating to a remote service, the password hash is used to compute a ChallengeResponse. The LM hash is used for the LM version of the protocol while the NT hash is used for LMv2, NTLM and NTLMv2.