Why does decryption of a computer's LAPS password from domain xxx.com not work on my computer (in yyy.com), while it works fine on a DC of xxx.com?
#include "stdafx.h"
#include <iostream>
#include <windows.h>
#include <comdef.h>
#include <ActiveDS.h>
#include <dpapi.h>
#include <ncryptprotect.h>
#include <strsafe.h>
// Stream-output callback registered with NCryptStreamOpenToUnprotect in
// _tmain. Each call receives cbData bytes of unprotected output in pbData.
//
// The function neither allocates nor frees anything: it only reads pbData.
// pvCallbackCtxt and fFinal are not used.
//
// Security note: whatever arrives here is the result of the unprotect
// operation, i.e. cleartext. Echoing it to stdout puts it in the console
// and in any redirected output or captured logs.
// NOTE(review): the bytes are written one at a time as characters; if the
// payload is not single-byte text the console output will look garbled.
// Confirm the payload encoding before relying on this output.
SECURITY_STATUS __stdcall Pfncryptstreamoutputcallback(
    void* pvCallbackCtxt,
    const BYTE* pbData,
    SIZE_T cbData,
    BOOL fFinal
) {
    // Debug marker left by the author; the text is a fixed string.
    std::cout << "Total Objects: 12 " << "\n";

    // Walk the borrowed buffer and emit every byte unchanged.
    const BYTE* cursor = pbData;
    SIZE_T remaining = cbData;
    while (remaining != 0) {
        printf("%c", *cursor);
        ++cursor;
        --remaining;
    }

    return ERROR_SUCCESS;
}
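// Binds to the directory with ADSI, searches for (cn=G-TEAM), and passes each
// msLAPS-EncryptedPassword value to the CNG DPAPI stream-unprotect API. The
// unprotected bytes are delivered to Pfncryptstreamoutputcallback.
//
// Fixes relative to the original listing:
//  - the search handle and the IDirectorySearch interface were closed and
//    released inside the per-value loop and then used again by the next
//    GetNextRow call; they are now released once, after the loop;
//  - blobs of 16 bytes or fewer made `length - 16` wrap around to a huge
//    SIZE_T that was then used for allocation and memcpy; such values are
//    now rejected;
//  - a failed LocalAlloc was dereferenced; the copy is gone because
//    NCryptStreamUpdate can read straight from the column buffer;
//  - the column, the NCrypt stream handle and the query buffer were leaked;
//  - HRESULT / SECURITY_STATUS values were ignored, so the failure the author
//    asks about was never shown; they are now printed.
//
// Always returns 0, as the original did.
int _tmain(int argc, _TCHAR* argv[])
{
    HRESULT hr = CoInitialize(NULL);
    if (FAILED(hr))
    {
        fprintf(stderr, "CoInitialize failed: 0x%08lX\n", static_cast<unsigned long>(hr));
        return 0;
    }

    IDirectorySearch* pDirSearch = NULL;

    // SECURITY: credentials are embedded in the source here (placeholders on
    // this page). Do not ship real credentials in a binary or repository;
    // obtain them at run time from a protected store or prompt, or pass NULL
    // for both so that ADSI binds with the caller's own security context.
    LPCWSTR username = L"xxx";
    LPCWSTR password = L"xxx!";
    LPCWSTR path = L"LDAP://xxxx/DC=xxx,DC=com";

    hr = ADsOpenObject(path, username, password, ADS_SECURE_AUTHENTICATION,
                       IID_IDirectorySearch, (void**)&pDirSearch);
    if (SUCCEEDED(hr))
    {
        // Writable arrays: the ADSI methods take LPWSTR, and binding a string
        // literal to a non-const pointer is not valid C++.
        WCHAR queryStr[] = L"(cn=G-TEAM)";
        WCHAR attrDn[] = L"distinguishedName";
        WCHAR attrPwd[] = L"msLAPS-EncryptedPassword";
        LPWSTR attributes[] = { attrDn, attrPwd };
        const DWORD attributeCount = sizeof(attributes) / sizeof(attributes[0]);

        ADS_SEARCHPREF_INFO SearchPref[3] = {};
        SearchPref[0].dwSearchPref = ADS_SEARCHPREF_SEARCH_SCOPE;
        SearchPref[0].vValue.dwType = ADSTYPE_INTEGER;
        SearchPref[0].vValue.Integer = ADS_SCOPE_SUBTREE;
        SearchPref[1].dwSearchPref = ADS_SEARCHPREF_PAGESIZE;
        SearchPref[1].vValue.dwType = ADSTYPE_INTEGER;
        SearchPref[1].vValue.Integer = 1000;
        SearchPref[2].dwSearchPref = ADS_SEARCHPREF_CACHE_RESULTS;
        SearchPref[2].vValue.dwType = ADSTYPE_BOOLEAN;
        SearchPref[2].vValue.Boolean = FALSE;
        hr = pDirSearch->SetSearchPreference(SearchPref, 3);
        if (FAILED(hr))
        {
            fprintf(stderr, "SetSearchPreference failed: 0x%08lX\n", static_cast<unsigned long>(hr));
        }

        ADS_SEARCH_HANDLE hSearch2 = NULL;
        hr = pDirSearch->ExecuteSearch(queryStr, attributes, attributeCount, &hSearch2);
        if (SUCCEEDED(hr))
        {
            // The original skips a fixed 16-byte prefix before the protected blob.
            // NOTE(review): presumably the LAPS attribute header (timestamp,
            // blob size, flags) - confirm against the Windows LAPS schema docs.
            const SIZE_T kHeaderSize = 16;

            // 1-based index of the row being processed (the original never
            // incremented this counter).
            int count = 0;
            while (pDirSearch->GetNextRow(hSearch2) == S_OK)
            {
                ++count;
                std::cout << "Total Objects1: " << count << "\n";

                ADS_SEARCH_COLUMN controlCol = {};
                const HRESULT hrCol = pDirSearch->GetColumn(hSearch2, attrPwd, &controlCol);
                if (FAILED(hrCol))
                {
                    // Attribute absent or not readable with the bind credentials.
                    fprintf(stderr, "GetColumn failed: 0x%08lX\n", static_cast<unsigned long>(hrCol));
                    continue;
                }

                // NOTE(review): the values are read through the OctetString
                // member without checking controlCol.dwADsType - confirm the
                // type ADSI reports for this attribute.
                for (DWORD i = 0; i < controlCol.dwNumValues; ++i)
                {
                    const BYTE* encryptedPass = controlCol.pADsValues[i].OctetString.lpValue;
                    const SIZE_T encryptedPassLength = controlCol.pADsValues[i].OctetString.dwLength;

                    // The length comes from the directory; never subtract the
                    // header size from it before checking that it is larger.
                    if (encryptedPass == nullptr || encryptedPassLength <= kHeaderSize)
                    {
                        fprintf(stderr, "Skipping value: too short to hold header and blob\n");
                        continue;
                    }

                    for (SIZE_T j = 0; j < encryptedPassLength; ++j) {
                        printf("%02X ", encryptedPass[j]);
                    }
                    std::cout << "Encrpted PassLength: " << encryptedPassLength << "\n";
                    std::cout << "Total Objects5: " << count << "\n";

                    NCRYPT_PROTECT_STREAM_INFO info = {};
                    info.pfnStreamOutput = &Pfncryptstreamoutputcallback;
                    info.pvCallbackCtxt = NULL;

                    NCRYPT_STREAM_HANDLE handle = NULL;
                    SECURITY_STATUS ret = NCryptStreamOpenToUnprotect(&info, NCRYPT_SILENT_FLAG, nullptr, &handle);
                    if (ret != ERROR_SUCCESS)
                    {
                        fprintf(stderr, "NCryptStreamOpenToUnprotect failed: 0x%08lX\n", static_cast<unsigned long>(ret));
                        continue;
                    }

                    std::cout << "Total Objects10: " << count << "\n";

                    // NOTE(review): the username/password given to ADsOpenObject
                    // are used for the LDAP bind only. The NCrypt calls take no
                    // credentials and presumably run under the identity of the
                    // calling thread; if that identity is not one the blob was
                    // protected to, or the protecting domain is unreachable from
                    // this machine, this call is expected to fail. Confirm
                    // against the CNG DPAPI documentation.
                    ret = NCryptStreamUpdate(handle, encryptedPass + kHeaderSize,
                                             encryptedPassLength - kHeaderSize, TRUE);
                    if (ret != ERROR_SUCCESS)
                    {
                        fprintf(stderr, "NCryptStreamUpdate failed: 0x%08lX\n", static_cast<unsigned long>(ret));
                    }

                    NCryptStreamClose(handle);
                }

                pDirSearch->FreeColumn(&controlCol);
            }

            // Close the search only after every row has been read.
            if (hSearch2) pDirSearch->CloseSearchHandle(hSearch2);
        }
        else
        {
            fprintf(stderr, "ExecuteSearch failed: 0x%08lX\n", static_cast<unsigned long>(hr));
        }

        pDirSearch->Release();
        pDirSearch = NULL;
    }
    else
    {
        fprintf(stderr, "ADsOpenObject failed: 0x%08lX\n", static_cast<unsigned long>(hr));
    }

    CoUninitialize();
    return 0;
}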
NCryptStreamUpdate() fails when executed on my computer, but it works fine on the actual DC of the G-team computer. Why does decryption fail? Is decryption of a computer's LAPS password only possible on domain-joined computers?
I am also inquiring about the decryption of LAPS (Local Administrator Password Solution) passwords in general: I would like to know whether attempting to decrypt LAPS passwords would violate Microsoft's policies. We are interested in providing a LAPS feature that lets our customers view decrypted passwords. As we haven't found any official documentation on how to decrypt LAPS passwords using CNG DPAPI, we have studied the 'Get-LAPSADPassword' cmdlet to understand the encryption process, so that we can decrypt the passwords using C++ instead of PowerShell.