AADDecryptor is a tool for windows AAD BrokerPlugin def files decryption.
- Support offline decryption
- Support multiple ways of decrypting the Master key (password, hash, domain backup key)
- Output: appid, app name, username, refresh token, access token
AADDecryptor -hThis will display help for the tool. Here are all the switches it supports.
______ _
| _ \ AAD BrokerPlugin | |
| | | |___ ___ _ __ _ _ _ __ | |_ ___ _ __
| | | / _ \/ __| '__| | | | '_ \| __/ _ \| '__|
| |/ / __/ (__| | | |_| | |_) | || (_) | |
|___/ \___|\___|_| \__, | .__/ \__\___/|_|
__/ | |
|___/|_| v1.0.0
Windows AAD BrokerPlugin def files decryption utility.
Usage:
AADDecryptor [flags]
Flags:
INPUT:
-df, -def-files string AAD BrokerPlugin def files folder path
DPAPI:
-mkf, -master-key-files string master key files folder
-s, -sid string user sid
-p, -password string password
-hash string sha1 hash or ntlm hash
-pvk string domain backup key (.pvk)
OUTPUT:
-o, -output string output path+---aad
| a_k0d3p7ef9etr0bab3ndnhosd.def
|
+---masterKeyFolder
+---S-1-5-21-1099483827-325504281-218701502-1001
| cd8b97f2-c875-4e9e-85d8-bb8d73954e50
| PreferredAADDecryptor -df ./aad -mkf ./masterKeyFolder -p password123 -o output.txtThis project is licensed under the Apache 2.0 license.
If you have any issues or feature requests, please contact us. PR is welcomed.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent