https://github.com/themanticoreproject/findgpppasswords
A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts
https://github.com/themanticoreproject/findgpppasswords
active-directory aes decrypt find gpppasswords windows
Last synced: 3 months ago
JSON representation
A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts
- Host: GitHub
- URL: https://github.com/themanticoreproject/findgpppasswords
- Owner: TheManticoreProject
- Created: 2024-09-30T05:26:51.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-06-29T13:59:38.000Z (3 months ago)
- Last Synced: 2025-06-29T14:15:17.573Z (3 months ago)
- Topics: active-directory, aes, decrypt, find, gpppasswords, windows
- Language: Go
- Homepage: https://themanticoreproject.com/
- Size: 1 MB
- Stars: 157
- Watchers: 3
- Forks: 20
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
Awesome Lists containing this project
README
A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.
## Features
- [x] Only requires a **low privileges domain user account**.
- [x] Automatically gets the list of all domain controllers from the LDAP.
- [x] Finds all the Group Policy Preferences Passwords present in SYSVOL share on each domain controller.
- [x] Decrypts the passwords and prints them in cleartext.
- [x] Outputs to a Excel file with option `--export-xlsx `.
- [x] Option to test the credentials of the found GPP passwords with the `--test-credentials` option.
- [x] Multi-threaded mode with option `--threads `.
## Demonstration
By default, the tool will only find the GPP passwords and print them in cleartext:
```bash
./FindGPPPasswords-linux-amd64 --domain --username --password
```
There is also the possibility to test the credentials of the found GPP passwords with the `--test-credentials` option.
```bash
./FindGPPPasswords-linux-amd64 --test-credentials --domain --username --password
```
## Usage
```
$ ./FindGPPPasswords -h
FindGPPPasswords - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.2
Usage: FindGPPPasswords [--quiet] [--debug] [--no-colors] [--export-xlsx ] [--test-credentials] --domain --username [--password ] [--hashes ] [--threads ] [--nameserver ] --dc-ip [--ldap-port ] [--use-ldaps]
-q, --quiet Show no information at all. (default: false)
-d, --debug Debug mode. (default: false)
-nc, --no-colors No colors mode. (default: false)
Additional Options:
-x, --export-xlsx Path to output Excel file. (default: "")
-tc, --test-credentials Test credentials. (default: false)
Authentication:
-d, --domain Active Directory domain to authenticate to.
-u, --username User to authenticate as.
-p, --password Password to authenticate with. (default: "")
-H, --hashes NT/LM hashes, format is LMhash:NThash. (default: "")
-T, --threads Number of threads to use. (default: 0)
DNS Settings:
-ns, --nameserver IP Address of the DNS server to use in the queries. If omitted, it will use the IP of the domain controller specified in the -dc parameter. (default: "")
LDAP Connection Settings:
-dc, --dc-ip IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter.
-lp, --ldap-port Port number to connect to LDAP server. (default: 389)
-L, --use-ldaps Use LDAPS instead of LDAP. (default: false)
```
## Contributing
Pull requests are welcome. Feel free to open an issue if you want to add other features.
## Credits
- [Remi GASCOU (Podalirius)](https://github.com/p0dalirius) for the creation of the [FindGPPPasswords](https://github.com/p0dalirius/FindGPPPasswords) project before transferring it to TheManticoreProject.