kfosaaen / Get-LAPSPasswords

Powershell function to pull the local admin passwords from LDAP, stored there by LAPS.
114 stars 29 forks source link

Feature Request: Locate Users with Permissions #1

Open jbarcia opened 9 years ago

jbarcia commented 9 years ago

Is there a way to locate users with the permissions to view/decrypt the Local Admin passwords? Is this information stored in an AD Group that can be queried? This would provide a more targeted attack against those users.

kfosaaen commented 9 years ago

I'll take a look into it. I believe that you can query LDAP for users that have read access to the ms-MCS-AdmPwd parameter, but I haven't had a chance to look yet.

SoykaObecna commented 7 years ago

Gathering passwords using ADSI means that passwords are unprotected during transport. If you must use ADSI, always use IADsOpenDSObject interface and specify USE_SIGNING and USE_SEALING in OpenDSObject method. See https://msdn.microsoft.com/en-us/library/aa706065(v=vs.85).aspx for more details.