Net-GPPPassword

Most organizations or businesses running several PCs over a domain might be enforcing changing the built-in Administrator account credentials, with new passwords as a security requirement.

When dealing with multiple accounts, one strategy used by administrators was deploying a script for changing the said passwords on all Windows PCs. However, the security of Domain Admin rights over a network used to be quite fragile, due to the fact that the credentials data for such purposes were stored in a text string contained within the script used for changing the credentials, making it quite prone to external extraction.

In an attempt to come to the aid of those performing security assessments through penetration of such networks, Net-GPPPassword was designed, basically offering a .NET or C# implementation for retrieving such credentials.

There are three executables provided, each for a different .NET version, v2, v3.5 and v4, respectively, functionality being offered through the CLI, where the executable and the preferred domain can be provided.

The process can also be implemented with other threat emulation software, such as Cobalt Strike and its corresponding execute-assembly. Last but not least, the process will retrieve the plaintext password and all other relevant details for any identified accounts.