Rapid7 VulnDB

SMB Group Policy Preference Saved Passwords Enumeration

Back to Search

SMB Group Policy Preference Saved Passwords Enumeration

Created
05/30/2018

Description

This module enumerates files from target domain controllers and connects to them via SMB. It then looks for Group Policy Preference XML files containing local/domain user accounts and passwords and decrypts them using Microsofts public AES key. This module has been tested successfully on a Win2k8 R2 Domain Controller.

Author(s)

  • Joshua D. Abraham <jabra@praetorian.com>

Development

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use auxiliary/scanner/smb/smb_enum_gpp
msf auxiliary(smb_enum_gpp) > show actions
    ...actions...
msf auxiliary(smb_enum_gpp) > set ACTION < action-name >
msf auxiliary(smb_enum_gpp) > show options
    ...show and set options...
msf auxiliary(smb_enum_gpp) > run 

Time is precious, so I don’t want to do something manually that I can automate. Leveraging the Metasploit Framework when automating any task keeps us from having to re-create the wheel as we can use the existing libraries and focus our efforts where it matters.

– Jim O’Gorman | President, Offensive Security

;