Browsed by
Tag: Get-GPPPassword

Plaintext Password Extraction

Plaintext Password Extraction

Threat (Privilege Escalation) Group Policy Preferences allow administrators to create and manage local accounts on servers and workstations in an Active Directory domain. Attackers can easily find and obtain the encrypted passwords of administrative account credentials managed by Group Policy Preferences and decrypt them using the Microsoft-published AES key. How Plaintext Password Extraction through Group Policy Preferences Works The following is a summarization of how the attack works: An attacker locates group policy XML files containing AES encrypted local account