how to decrpyt windows laps encryted password using c++ using ADSI services(crypt32.lib)?

Dinesh Kumar A 10 Reputation points
2023-10-25T10:48:32.92+00:00
while ((hr = pDirSearch->GetNextRow(hSearch2)) == S_OK)
		{
			ADS_SEARCH_COLUMN controlCol;
			hr = pDirSearch->GetColumn(hSearch2, L"msLAPS-EncryptedPassword", &controlCol);
			if (controlCol.dwNumValues > 0)
			{
				for (DWORD i = 0; i < controlCol.dwNumValues; ++i)
				{
					wprintf(L"distinguishedName: %s\n", controlCol.pADsValues[i].OctetString.lpValue);
					DATA_BLOB DataIn;
					DATA_BLOB DataOut;
					LPWSTR pDescrOut = NULL;
					// Ensure that pbDataInput points to the octet string and cbDataInput is the correct length
					BYTE* pbDataInput = (BYTE*)controlCol.pADsValues[i].OctetString.lpValue;
					DWORD cbDataInput = controlCol.pADsValues[i].OctetString.dwLength;

					// Initialize the DataIn structure.
					DataIn.pbData = pbDataInput;
					DataIn.cbData = cbDataInput;
					if (CryptUnprotectData(
						&DataIn,
						&pDescrOut,
						NULL,                 // Optional entropy
						NULL,                 // Reserved
						NULL,                 // Here, the optional 
						// prompt structure is not
						// used.
						0,
						&DataOut))
					{
						printf("The decrypted data is: %s\n", DataOut.pbData);
						printf("The description of the data was: %s\n", pDescrOut);
						LocalFree(DataOut.pbData);
						LocalFree(pDescrOut);
					}
					LPVOID lpMsgBuf;
					LPVOID lpDisplayBuf;
					DWORD dw = GetLastError();

					FormatMessage(
						FORMAT_MESSAGE_ALLOCATE_BUFFER |
						FORMAT_MESSAGE_FROM_SYSTEM |
						FORMAT_MESSAGE_IGNORE_INSERTS,
						NULL,
						dw,
						MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
						(LPTSTR)&lpMsgBuf,
						0, NULL);

					// Display the error message and exit the process

					lpDisplayBuf = (LPVOID)LocalAlloc(LMEM_ZEROINIT,
						(lstrlen((LPCTSTR)lpMsgBuf) + lstrlen((LPCTSTR)"CryptUnprotectData") + 40) * sizeof(TCHAR));
					StringCchPrintf((LPTSTR)lpDisplayBuf,
						LocalSize(lpDisplayBuf) / sizeof(TCHAR),
						TEXT("%s failed with error %d: %s"),
						(LPCTSTR)"CryptUnprotectData", dw, lpMsgBuf);
					MessageBox(NULL, (LPCTSTR)lpDisplayBuf, TEXT("Error"), MB_OK);
				}
			}
		}

I am trying to decrypt "msLAPS-EncryptedPassword" attribute using c++(CryptUnprotectData method),But cant able to decrypt is there any procedure to follow to decrypt laps password.
It throws ""error 13 .Data is invalid" Did I miss something?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,417 questions
Windows API - Win32
Windows API - Win32
A core set of Windows application programming interfaces (APIs) for desktop and server applications. Previously known as Win32 API.
2,476 questions
{count} votes