SharpDPAPI
SharpDPAPI copied to clipboard
Add pass-the-sha1 for non domain joined machines
This PR allows the user to specify the /password
flag in SHA1 format when the machine is not domain-joined (i.e. local). These SHA1 passwords are calculated as SHA1(UTF16LE(password))
, which is output by mimikatz' sekurlsa::msv
. This feature mirrors the functionality already provided to support PtH for NTLM on domain-joined machines.
Note that when using the masterkeys
command with a /target
specified (e.g. a path to directory containing masterkeys), SharpDPAPI will not attempt to detect domain-joined-ness via the BK
file (since it may not exist simply because the user didn't copy it from the target system) - therefore I've also added the /local
flag which can be specified along with /target
to force the SHA1 path.