Hi,
thanks for your great work here first of all.
I am trying to decrypt credentials on a system where DPAPI is used with TBAL and a Microsoft account.
As written by PassScape for example (and also outputted by the diana-regdecrypt script), the 96 bytes from the LSA secret M$_CLOUDAP_TBAL_{4416F0BD-3A59-4590-9579-DA6E08AF19B3_ should be able to decrypt the masterkeys.
However, I did not manage to decrypt them with the try_credential_hash function, which I though should be the right place.
Is there something I am doing wrong?
Best wishes
Hi,
thanks for your great work here first of all.
I am trying to decrypt credentials on a system where DPAPI is used with TBAL and a Microsoft account.
As written by PassScape for example (and also outputted by the diana-regdecrypt script), the 96 bytes from the LSA secret
M$_CLOUDAP_TBAL_{4416F0BD-3A59-4590-9579-DA6E08AF19B3_should be able to decrypt the masterkeys.However, I did not manage to decrypt them with the try_credential_hash function, which I though should be the right place.
Is there something I am doing wrong?
Best wishes